XSSBook is a deliberately vulnerable social networking application built with Python Flask, designed for educational purposes to demonstrate various Cross-Site Scripting (XSS) vulnerabilities.
This application serves as a learning platform for:
- Understanding different types of XSS vulnerabilities
- Learning secure coding practices
- Practicing penetration testing techniques
- Educational demonstrations in cybersecurity courses
This application contains intentional security vulnerabilities and should NEVER be deployed to production or exposed to the internet. Use only in isolated, controlled environments for educational purposes.
- User registration and authentication
- User profiles with avatars, bio, and signatures
- Post creation with text, images, and videos
- Comment system
- Like functionality
- Friend requests and management
- Search functionality
- Personalization settings
- Python 3.7 or higher
- pip (Python package installer)
- Clone or download the project files
- Navigate to the project directory:
  cd XssBook
- Install required packages:
  pip3 install -r requirements.txt
- Run the application:
  python3 app.py
- Open your browser and navigate to:
  http://localhost:5000
The application automatically creates demo accounts with sample data:
- Username: bret, antonette, samantha, etc.
- Password: password123
These accounts come with pre-populated posts, comments, and profile information.