brs-kb


Namebrs-kb JSON
Version 1.1.0 PyPI version JSON
download
home_pageNone
SummaryCommunity-Driven XSS Knowledge Base - Open Security Intelligence
upload_time2025-10-25 22:52:43
maintainerEasyProTech LLC
docs_urlNone
authorBrabus
requires_python>=3.8
licenseNone
keywords xss security vulnerability knowledge-base penetration-testing web-security owasp cwe cvss red-team bug-bounty
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls. 
            <div align="center">

# BRS-KB

### Community XSS Knowledge Base

**Open Knowledge for Security Community**

_Advanced XSS Intelligence Database for Researchers and Scanners_

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
[![PyPI](https://img.shields.io/pypi/v/brs-kb.svg)](https://pypi.org/project/brs-kb/)
[![Version](https://img.shields.io/badge/version-1.1.0-green.svg)](https://github.com/EPTLLC/BRS-KB)
[![Code Size](https://img.shields.io/badge/code-8.5k%20lines-brightgreen.svg)]()
[![Contexts](https://img.shields.io/badge/contexts-27-orange.svg)]()
[![Tests](https://img.shields.io/badge/tests-passing-success.svg)]()

## Table of Contents

- [Why BRS-KB?](#-why-brs-kb)
- [Installation](#-installation)
- [Quick Start](#-quick-start)
- [Available Contexts](#-available-contexts)
- [Features](#-features)
- [CLI Tool](#-cli-tool)
- [Security Scanner Plugins](#-security-scanner-plugins)
- [SIEM Integration](#-siem-integration)
- [CI/CD Pipeline](#-cicd-pipeline)
- [Usage](#-usage)
- [API Reference](#-api-reference)
- [Examples](#-examples)
- [Contributing](#-contributing)
- [Project Structure](#-project-structure)
- [Testing](#-testing)
- [Statistics](#-statistics)
- [License](#-license)
- [Project Info](#-project-info)
- [Related Projects](#-related-projects)
- [Support Policy](#-support-policy)
- [Acknowledgments](#-acknowledgments)

---

Comprehensive, community-driven knowledge base for Cross-Site Scripting (XSS) vulnerabilities

</div>

---

## Why BRS-KB?

| Feature | Description |
|---------|-------------|
| **27 Contexts** | Covering classic and modern XSS vulnerability types |
| **Detailed Info** | Attack vectors, bypass techniques, defense strategies |
| **Simple API** | Python library, easy to integrate |
| **Zero Dependencies** | Pure Python 3.8+ |
| **SIEM Compatible** | CVSS scores, CWE/OWASP mappings, severity levels |
| **Open Source** | MIT licensed, community contributions welcome |
| **In Production** | Used in security scanners and tools |

## Installation

### From PyPI (Recommended)
```bash
pip install brs-kb
```

### From Source
```bash
git clone https://github.com/EPTLLC/BRS-KB.git
cd BRS-KB
pip install -e .
```

### For Developers
```bash
git clone https://github.com/EPTLLC/BRS-KB.git
cd BRS-KB
pip install -e ".[dev]"
```

**Requirements:** Python 3.8+ • No external dependencies

## Publishing to PyPI

### One-time Setup
```bash
# Setup PyPI configuration (one time only)
python3 scripts/publish.py setup

# Test publication process
python3 scripts/test_publish.py
```

### Publishing New Version
```bash
# Build and publish to PyPI
python3 scripts/publish.py

# Or manually:
python3 -m build
twine check dist/*
twine upload dist/*
```

## Quick Start

```python
from brs_kb import get_vulnerability_details, list_contexts

# Get detailed XSS context information
details = get_vulnerability_details('html_content')

print(details['title'])        # Cross-Site Scripting (XSS) in HTML Content
print(details['severity'])     # critical
print(details['cvss_score'])   # 8.8
print(details['cwe'])          # ['CWE-79']
print(details['owasp'])        # ['A03:2021']

# List all available contexts
contexts = list_contexts()
# ['css_context', 'default', 'dom_xss', 'html_attribute', ...]
```

## Available Contexts

<details>
<summary><b>27 XSS Vulnerability Contexts</b> (click to expand)</summary>

### Core HTML Contexts
| Context | Description | Lines | Severity | CVSS |
|---------|-------------|-------|----------|------|
| `html_content` | XSS in HTML body/content | 407 | Critical | 8.8 |
| `html_attribute` | XSS in HTML attributes | 538 | Critical | 8.8 |
| `html_comment` | XSS in HTML comments | 77 | Medium | 5.4 |

### JavaScript Contexts
| Context | Description | Lines | Severity | CVSS |
|---------|-------------|-------|----------|------|
| `javascript_context` | Direct JavaScript injection | 645 | Critical | 9.0 |
| `js_string` | JavaScript string injection | 628 | Critical | 8.8 |
| `js_object` | JavaScript object injection | 628 | High | 7.8 |

### Style & Markup
| Context | Description | Lines | Severity | CVSS |
|---------|-------------|-------|----------|------|
| `css_context` | CSS injection & style attrs | 684 | High | 7.1 |
| `svg_context` | SVG-based XSS vectors | 297 | High | 7.3 |
| `markdown_context` | Markdown rendering XSS | 110 | Medium | 6.1 |

### Data Formats
| Context | Description | Lines | Severity | CVSS |
|---------|-------------|-------|----------|------|
| `json_value` | JSON context XSS | 81 | Medium | 6.5 |
| `xml_content` | XML/XHTML XSS vectors | 90 | High | 7.1 |

### Advanced Vectors
| Context | Description | Lines | Severity | CVSS |
|---------|-------------|-------|----------|------|
| `url_context` | URL/protocol-based XSS | 554 | High | 7.5 |
| `dom_xss` | DOM-based XSS (client-side) | 359 | High | 7.4 |
| `template_injection` | Client-side template injection | 116 | Critical | 8.6 |
| `postmessage_xss` | PostMessage API vulnerabilities | 134 | High | 7.4 |
| `wasm_context` | WebAssembly context XSS | 119 | Medium | 6.8 |

### Modern Web Technologies (NEW)
| Context | Description | Lines | Severity | CVSS |
|---------|-------------|-------|----------|------|
| `websocket_xss` | WebSocket real-time XSS | 431 | High | 7.5 |
| `service_worker_xss` | Service Worker injection | 557 | High | 7.8 |
| `webrtc_xss` | WebRTC P2P communication XSS | 565 | High | 7.6 |
| `indexeddb_xss` | IndexedDB storage XSS | 577 | Medium | 6.5 |
| `webgl_xss` | WebGL shader injection | 611 | Medium | 6.1 |
| `shadow_dom_xss` | Shadow DOM encapsulation bypass | 539 | High | 7.3 |
| `custom_elements_xss` | Custom Elements XSS | 590 | High | 7.1 |
| `http2_push_xss` | HTTP/2 Server Push XSS | 558 | Medium | 6.8 |
| `graphql_xss` | GraphQL API injection | 642 | High | 7.4 |
| `iframe_sandbox_xss` | iframe sandbox bypass | 591 | Medium | 6.3 |

### Fallback
| Context | Description | Lines | Severity | CVSS |
|---------|-------------|-------|----------|------|
| `default` | Generic XSS information | 165 | High | 7.1 |

</details>

## Features

### Metadata Structure

Each context includes security metadata:

```python
{
    # Core Information
    "title": "Cross-Site Scripting (XSS) in HTML Content",
    "description": "Detailed vulnerability explanation...",
    "attack_vector": "Real-world attack techniques...",
    "remediation": "Actionable security measures...",
    
    # Security Metadata
    "severity": "critical",           # low | medium | high | critical
    "cvss_score": 8.8,                # CVSS 3.1 base score
    "cvss_vector": "CVSS:3.1/...",    # Full CVSS vector string
    "reliability": "certain",         # tentative | firm | certain
    "cwe": ["CWE-79"],                # CWE identifiers
    "owasp": ["A03:2021"],            # OWASP Top 10 mapping
    "tags": ["xss", "html", "reflected"]  # Classification tags
}
```

### Enhanced Reverse Mapping System

Advanced payload analysis with automatic context detection and ML-ready features:

```python
from brs_kb.reverse_map import find_contexts_for_payload, get_defenses_for_context, predict_contexts_ml_ready

# Automatic context detection with confidence scoring
info = find_contexts_for_payload("<script>alert(1)</script>")
# → {'contexts': ['html_content'],
#    'severity': 'critical',
#    'confidence': 1.0,
#    'analysis_method': 'pattern_matching',
#    'matched_patterns': 1}

# Modern XSS context detection
websocket_info = find_contexts_for_payload('WebSocket("wss://evil.com")')
# → {'contexts': ['websocket_xss'], 'severity': 'high', 'confidence': 1.0}

# ML-ready analysis with feature extraction
ml_analysis = predict_contexts_ml_ready('<script>alert(document.cookie)</script>')
# → {'contexts': ['html_content'], 'features': {'length': 39, 'has_script': True, ...}}

# Enhanced defense mapping with modern techniques
defenses = get_defenses_for_context('websocket_xss')
# → [{'defense': 'input_validation', 'priority': 1, 'required': True, 'tags': ['websocket']},
#     {'defense': 'csp', 'priority': 1, 'required': True, 'tags': ['policy']}, ...]
```

## CLI Tool

BRS-KB includes a comprehensive command-line interface for security research and testing:

```bash
# Install the package
pip install brs-kb

# Show all available commands
brs-kb --help

# Show system information
brs-kb info

# List all XSS contexts
brs-kb list-contexts

# Get detailed information about a context
brs-kb get-context websocket_xss

# Analyze a payload
brs-kb analyze-payload "<script>alert(1)</script>"

# Search payloads in database
brs-kb search-payloads websocket --limit 5

# Test payload effectiveness
brs-kb test-payload "<script>alert(1)</script>" html_content

# Generate comprehensive report
brs-kb generate-report

# Validate database integrity
brs-kb validate

# Export data
brs-kb export contexts --format json --output contexts.json
```

**Available Commands:**
- `info` - Show system information and statistics
- `list-contexts` - List all available XSS contexts with severity
- `get-context <name>` - Get detailed vulnerability information
- `analyze-payload <payload>` - Analyze payload with reverse mapping
- `search-payloads <query>` - Search payload database with relevance scoring
- `test-payload <payload> <context>` - Test payload effectiveness in context
- `generate-report` - Generate comprehensive system analysis
- `validate` - Validate payload database integrity
- `export <type> --format <format>` - Export data (payloads, contexts, reports)

## Usage

### 1. Security Scanner Integration

```python
from brs_kb import get_vulnerability_details

def enrich_finding(context_type, url, payload):
    kb_data = get_vulnerability_details(context_type)
    
    return {
        'url': url,
        'payload': payload,
        'title': kb_data['title'],
        'severity': kb_data['severity'],
        'cvss_score': kb_data['cvss_score'],
        'cwe': kb_data['cwe'],
        'description': kb_data['description'],
        'remediation': kb_data['remediation']
    }

# Use in scanner
finding = enrich_finding('dom_xss', 'https://target.com/app', 'location.hash')
```

### 2. SIEM/SOC Integration

```python
from brs_kb import get_vulnerability_details

def create_security_event(context, source_ip, target_url):
    kb = get_vulnerability_details(context)
    
    return {
        'event_type': 'xss_detection',
        'severity': kb['severity'],
        'cvss_score': kb['cvss_score'],
        'cvss_vector': kb['cvss_vector'],
        'cwe': kb['cwe'],
        'owasp': kb['owasp'],
        'source_ip': source_ip,
        'target': target_url,
        'requires_action': kb['severity'] in ['critical', 'high']
    }
```

### 3. Bug Bounty Reporting

```python
from brs_kb import get_vulnerability_details

def generate_report(context, url, payload):
    kb = get_vulnerability_details(context)
    
    return f"""
# {kb['title']}

**Severity**: {kb['severity'].upper()} (CVSS {kb['cvss_score']})
**CWE**: {', '.join(kb['cwe'])}

## Vulnerable URL
{url}

## Proof of Concept
```
{payload}
```

## Description
{kb['description']}

## Remediation
{kb['remediation']}
"""
```

### 4. Training & Education

```python
from brs_kb import list_contexts, get_vulnerability_details

# Create XSS learning materials
for context in list_contexts():
    details = get_vulnerability_details(context)
    
    print(f"Context: {context}")
    print(f"Severity: {details.get('severity', 'N/A')}")
    print(f"Attack vectors: {details['attack_vector'][:200]}...")
    print("-" * 80)
```

## Security Scanner Plugins

BRS-KB includes plugins for popular security testing tools:

### 🛡️ Burp Suite Plugin
- Real-time XSS payload analysis during proxying
- Automatic context detection for intercepted requests
- Integration with 27 XSS contexts
- Professional security team interface

**Installation:** Copy `plugins/burp_suite/BRSKBExtension.java` to Burp extensions

### ⚡ OWASP ZAP Integration
- Automated XSS scanning with BRS-KB intelligence
- Context-aware payload injection
- WAF bypass technique detection
- Professional security workflow support

**Installation:** Load `plugins/owasp_zap/brs_kb_zap.py` in ZAP scripts

### 🎯 Nuclei Templates
- 200+ categorized XSS payloads
- Context-specific testing (27 XSS contexts)
- WAF bypass technique detection
- Modern web technology testing

**Installation:** Copy templates to Nuclei templates directory

### 📊 SIEM Integration
BRS-KB integrates with enterprise SIEM systems for real-time monitoring:

#### 🔍 Splunk Integration
- Real-time XSS vulnerability data ingestion
- Custom dashboards for XSS context analysis
- Alerting rules for critical vulnerabilities
- Historical trend analysis

**Installation:** Copy `siem_connectors/splunk/brs_kb_app.tar.gz` to Splunk apps directory

#### 📊 Elasticsearch Integration
- Logstash/Beats integration for BRS-KB data
- Kibana dashboards for XSS analysis
- Machine learning anomaly detection
- Elasticsearch Watcher alerting

**Installation:** Deploy Logstash configuration from `siem_connectors/elastic/`

#### 📋 Graylog Integration
- GELF integration for real-time log ingestion
- Custom dashboards and widgets
- Alerting rules and notifications
- Stream processing for XSS events

**Installation:** Import content pack from `siem_connectors/graylog/`

See [siem_connectors/README.md](siem_connectors/README.md) for detailed installation and usage instructions.

## CI/CD Pipeline

BRS-KB includes comprehensive CI/CD configurations for automated testing and deployment:

### 🔄 GitLab CI (`.gitlab-ci.yml`)
- Multi-Python version testing (3.8-3.12)
- Code quality checks and security scanning
- Package building and PyPI deployment
- Performance testing and coverage reporting

### 🔄 GitLab CI (`.gitlab-ci.yml`) - Advanced Configuration
- Parallel testing across Python versions
- Package building and deployment
- Documentation deployment (GitLab Pages)
- Performance and security testing

### 🔄 Jenkins Pipeline (`Jenkinsfile`)
- Declarative pipeline with parallel execution
- Artifact management and deployment
- Notification integration and reporting
- Enterprise-grade pipeline management

### ⚙️ Setup Script (`scripts/setup_cicd.py`)
Automated CI/CD pipeline setup and configuration.

**Quick Setup:**
```bash
python3 scripts/setup_cicd.py
```

See [DEVELOPMENT_PLAN.md](DEVELOPMENT_PLAN.md) for detailed CI/CD documentation.

## Multi-Language Documentation

BRS-KB includes comprehensive documentation in multiple languages:

### 🌍 Available Languages
- **🇺🇸 English** - Primary documentation (this file)
- **🇷🇺 Русский** - [docs/README.ru.md](docs/README.ru.md)
- **🇨🇳 中文** - [docs/README.zh.md](docs/README.zh.md)
- **🇪🇸 Español** - [docs/README.es.md](docs/README.es.md)

### 🔄 Language Switching
Use the CLI to switch between languages:

```bash
brs-kb language ru     # Switch to Russian
brs-kb language zh     # Switch to Chinese
brs-kb language es     # Switch to Spanish
brs-kb language en     # Switch to English
brs-kb language --list # List all supported languages
```

All documentation includes localized examples, cultural context, and region-specific attack vectors.

### 🌐 Web UI Localization
The Web UI also supports full localization in all 4 languages with:
- Localized interface elements
- Context-specific examples in each language
- Cultural adaptation for security terminology
- Region-specific attack vector descriptions

## Web UI

BRS-KB includes a modern React-based web interface for visual exploration and testing:

### 🌐 Web Interface (`web_ui/`)
**BRSKB Web UI** - Modern React-based web interface

**Features:**
- Visual exploration of 27 XSS contexts
- Interactive playground for payload testing
- Real-time statistics dashboard
- Multi-language support (EN, RU, CN, ES)
- Responsive design for all devices

**Installation:**
```bash
cd web_ui
npm install
npm start
```

**Access:** `http://localhost:3000` after starting development server

See [web_ui/README.md](web_ui/README.md) for detailed Web UI documentation.

## Examples

See [examples/](examples/) directory for integration examples:

| Example | Description |
|---------|-------------|
| [`basic_usage.py`](examples/basic_usage.py) | Basic API usage and functionality |
| [`scanner_integration.py`](examples/scanner_integration.py) | Integration into security scanners |
| [`reverse_mapping.py`](examples/reverse_mapping.py) | Enhanced reverse mapping with ML-ready features |
| [`payload_database.py`](examples/payload_database.py) | 200+ payload database with testing API |
| [`cli_demo.py`](examples/cli_demo.py) | Command-line interface demonstration |
| [`plugin_demo.py`](examples/plugin_demo.py) | Security scanner plugin integration |
| [`cicd_demo.py`](examples/cicd_demo.py) | CI/CD pipeline demonstration |
| [`multilanguage_demo.py`](examples/multilanguage_demo.py) | Multi-language support demonstration |
| [`integrated_demo.py`](examples/integrated_demo.py) | Complete system integration showcase |

**Run examples:**
```bash
# Python examples
python3 examples/basic_usage.py
python3 examples/scanner_integration.py
python3 examples/cli_demo.py
python3 examples/plugin_demo.py
python3 examples/integrated_demo.py

# CLI commands
brs-kb info                    # System information
brs-kb list-contexts           # All XSS contexts
brs-kb get-context websocket_xss  # Context details
brs-kb analyze-payload "<script>alert(1)</script>"  # Payload analysis
brs-kb search-payloads websocket --limit 5  # Search payloads
brs-kb test-payload "<script>alert(1)</script>" html_content  # Test effectiveness
brs-kb generate-report         # Comprehensive report
brs-kb validate                # Database validation
brs-kb export contexts --format json  # Export data

# Security scanner integration
nuclei -t plugins/nuclei/templates/brs-kb-xss.yaml -u https://target.com

# SIEM integration
python3 siem_connectors/splunk/brs_kb_splunk_connector.py --api-key YOUR_KEY --splunk-url https://splunk.company.com:8088

# CI/CD pipeline
python3 scripts/setup_cicd.py

# Multi-language support
brs-kb language ru
brs-kb language --list
```

## API Reference

### Core Functions

#### `get_vulnerability_details(context: str) -> Dict[str, Any]`
Get detailed information about a vulnerability context.

```python
details = get_vulnerability_details('html_content')
```

#### `list_contexts() -> List[str]`
Get list of all available contexts.

```python
contexts = list_contexts()  # ['css_context', 'default', 'dom_xss', ...]
```

#### `get_kb_info() -> Dict[str, Any]`
Get knowledge base information (version, build, contexts count).

```python
info = get_kb_info()
print(f"Version: {info['version']}, Total contexts: {info['total_contexts']}")
```

#### `get_kb_version() -> str`
Get version string.

```python
version = get_kb_version()  # "1.0.0"
```

### Enhanced Reverse Mapping Functions

Import from `brs_kb.reverse_map`:

#### `find_contexts_for_payload(payload: str) -> Dict`
Advanced payload analysis with automatic context detection and confidence scoring.

#### `predict_contexts_ml_ready(payload: str) -> Dict`
ML-ready analysis with feature extraction for future machine learning integration.

#### `get_defenses_for_context(context: str) -> List[Dict]`
Get recommended defenses for a context with enhanced metadata and implementation details.

#### `get_defense_info(defense: str) -> Dict`
Get comprehensive information about a defense mechanism including bypass difficulty and tags.

#### `analyze_payload_with_patterns(payload: str) -> List[Tuple]`
Analyze payload against pattern database returning matches with confidence scores.

#### `get_reverse_map_info() -> Dict`
Get reverse mapping system information including version, capabilities, and statistics.

#### `reverse_lookup(query_type: str, query: str) -> Dict`
Universal lookup function supporting payload, context, defense, and pattern queries.

### Payload Database Functions

#### `get_payloads_by_context(context: str) -> List[Dict]`
Get all payloads effective in a specific context.

#### `get_payloads_by_severity(severity: str) -> List[Dict]`
Get all payloads by severity level.

#### `search_payloads(query: str) -> List[Dict]`
Search payloads with relevance scoring.

#### `test_payload_in_context(payload: str, context: str) -> Dict`
Test payload effectiveness in specific context.

#### `get_database_info() -> Dict`
Get payload database statistics and information.

### CLI Tool Functions

#### `get_cli() -> BRSKBCLI`
Get CLI instance for programmatic use.

**CLI Commands:**
- `brs-kb info` - System information
- `brs-kb list-contexts` - List all XSS contexts
- `brs-kb get-context <name>` - Context details
- `brs-kb analyze-payload <payload>` - Payload analysis
- `brs-kb search-payloads <query>` - Search payloads
- `brs-kb test-payload <payload> <context>` - Test effectiveness
- `brs-kb generate-report` - Comprehensive report
- `brs-kb validate` - Database validation
- `brs-kb export <type>` - Export data

## Contributing

Contributions from the security community are welcome.

### Ways to Contribute

- Add new XSS contexts
- Update existing contexts with new bypasses
- Improve documentation
- Report issues or outdated information
- Share real-world examples

**Quick start:**
```bash
git clone https://github.com/EPTLLC/BRS-KB.git
cd BRS-KB
git checkout -b feature/new-context
# Make changes
pytest tests/ -v
git commit -m "Add: New context for WebSocket XSS"
git push origin feature/new-context
# Open Pull Request
```

See [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines.

## Project Structure

```
BRS-KB/
├── brs_kb/                    # Main package
│   ├── __init__.py            # Core API
│   ├── schema.json            # JSON Schema validation
│   ├── reverse_map.py         # Reverse mapping system
│   ├── i18n.py                # Internationalization system
│   ├── cli.py                 # Command-line interface
│   ├── payload_testing.py     # Payload testing framework
│   ├── payloads_db.py         # Payload database
│   └── contexts/              # 27 vulnerability contexts
│       ├── html_content.py
│       ├── javascript_context.py
│       ├── websocket_xss.py
│       └── ...
├── examples/                  # Integration examples
├── tests/                     # Test suite (pytest)
├── docs/                      # Multi-language documentation
├── i18n/locales/              # Translation files
├── plugins/                   # Security scanner plugins
├── siem_connectors/           # SIEM system integrations
├── web_ui/                    # React-based web interface
├── LICENSE                    # MIT License
├── CONTRIBUTING.md            # Contribution guide
├── CHANGELOG.md               # Version history
└── README.md                  # This file
```

## Testing

```bash
# Run all tests
pytest tests/ -v

# Run with coverage (requires pytest-cov)
pytest tests/ -v --cov=brs_kb

# Run specific test
pytest tests/test_basic.py -v
```

## Statistics

| Metric | Value |
|--------|-------|
| Total Lines | ~16,500+ |
| Context Modules | 27 |
| Payload Database | 200+ |
| Multi-Language Support | ✅ |
| Web UI | ✅ |
| Reverse Mapping Patterns | 29 |
| Supported Contexts | 27 |
| Average Module Size | 418 lines |
| Test Coverage | 33 tests |
| CLI Commands | 9 commands |
| Security Scanner Plugins | 3 platforms |
| SIEM Integrations | 3 systems |
| CI/CD Pipelines | GitLab CI, Jenkins |
| Deployment Scripts | ✅ |
| Docker Support | ✅ |
| Kubernetes Support | ✅ |
| Monitoring | ✅ |
| Web UI | ✅ |
| React Frontend | ✅ |
| Responsive Design | ✅ |
| Multi-Language Support | ✅ |
| Russian Localization | ✅ |
| Chinese Localization | ✅ |
| Spanish Localization | ✅ |
| Multi-Language Documentation | ✅ |
| Global Accessibility | ✅ |
| WAF Bypass | 15+ payloads |
| External Dependencies | 0 |
| Python Version | 3.8+ |
| Code Quality | Production-ready |
| ML Ready | ✅ |
| Confidence Scoring | ✅ |
| Modern XSS Support | ✅ |
| WebSocket XSS | ✅ |
| Service Worker XSS | ✅ |
| WebRTC XSS | ✅ |
| GraphQL XSS | ✅ |
| Shadow DOM XSS | ✅ |
| Custom Elements XSS | ✅ |
| Payload Testing API | ✅ |
| WAF Bypass Detection | ✅ |
| CLI Tool | ✅ |
| Export Capabilities | ✅ |

## License

**MIT License** - Free to use in any project (commercial or non-commercial)

```
Copyright (c) 2025 EasyProTech LLC / Brabus

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction...
```

See [LICENSE](LICENSE) for full text.

## Project Info

| | |
|---|---|
| **Project** | BRS-KB (BRS XSS Knowledge Base) |
| **Company** | EasyProTech LLC |
| **Website** | [www.easypro.tech](https://www.easypro.tech) |
| **Developer** | Brabus |
| **Contact** | [https://t.me/easyprotech](https://t.me/easyprotech) |
| **Repository** | [https://github.com/EPTLLC/BRS-KB](https://github.com/EPTLLC/BRS-KB) |
| **License** | MIT |
| **Status** | Production-Ready |
| **Version** | 1.1.0 |

## Related Projects

- **[BRS-XSS](https://github.com/EPTLLC/brs-xss)** - Advanced XSS Scanner (uses BRS-KB)

## Support Policy

**NO OFFICIAL SUPPORT PROVIDED**

This is a community-driven project. While we welcome contributions:
- Use GitHub Issues for bug reports
- Use Pull Requests for contributions
- No SLA or guaranteed response time

This project is maintained by the community.

## Acknowledgments

- Security researchers who contribute knowledge
- Open-source community for support
- Everyone who reports issues and improvements

---

<div align="center">

**Open Source XSS Knowledge Base**

*MIT License • Python 3.8+ • Zero Dependencies*

---

<div align="center">

⭐ **Star this repo to support the BRS project family**

[Star on GitHub](https://github.com/EPTLLC/BRS-KB) • [Report Bug](https://github.com/EPTLLC/BRS-KB/issues) • [Request Feature](https://github.com/EPTLLC/BRS-KB/issues)

</div>

</div>

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "brs-kb",
    "maintainer": "EasyProTech LLC",
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": null,
    "keywords": "xss, security, vulnerability, knowledge-base, penetration-testing, web-security, owasp, cwe, cvss, red-team, bug-bounty",
    "author": "Brabus",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/81/6e/c0a26f8f4bb60271eedda554ac5e554e8e001afe851bc519a3e483cb2446/brs_kb-1.1.0.tar.gz",
    "platform": null,
    "description": "<div align=\"center\">\n\n# BRS-KB\n\n### Community XSS Knowledge Base\n\n**Open Knowledge for Security Community**\n\n_Advanced XSS Intelligence Database for Researchers and Scanners_\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)\n[![PyPI](https://img.shields.io/pypi/v/brs-kb.svg)](https://pypi.org/project/brs-kb/)\n[![Version](https://img.shields.io/badge/version-1.1.0-green.svg)](https://github.com/EPTLLC/BRS-KB)\n[![Code Size](https://img.shields.io/badge/code-8.5k%20lines-brightgreen.svg)]()\n[![Contexts](https://img.shields.io/badge/contexts-27-orange.svg)]()\n[![Tests](https://img.shields.io/badge/tests-passing-success.svg)]()\n\n## Table of Contents\n\n- [Why BRS-KB?](#-why-brs-kb)\n- [Installation](#-installation)\n- [Quick Start](#-quick-start)\n- [Available Contexts](#-available-contexts)\n- [Features](#-features)\n- [CLI Tool](#-cli-tool)\n- [Security Scanner Plugins](#-security-scanner-plugins)\n- [SIEM Integration](#-siem-integration)\n- [CI/CD Pipeline](#-cicd-pipeline)\n- [Usage](#-usage)\n- [API Reference](#-api-reference)\n- [Examples](#-examples)\n- [Contributing](#-contributing)\n- [Project Structure](#-project-structure)\n- [Testing](#-testing)\n- [Statistics](#-statistics)\n- [License](#-license)\n- [Project Info](#-project-info)\n- [Related Projects](#-related-projects)\n- [Support Policy](#-support-policy)\n- [Acknowledgments](#-acknowledgments)\n\n---\n\nComprehensive, community-driven knowledge base for Cross-Site Scripting (XSS) vulnerabilities\n\n</div>\n\n---\n\n## Why BRS-KB?\n\n| Feature | Description |\n|---------|-------------|\n| **27 Contexts** | Covering classic and modern XSS vulnerability types |\n| **Detailed Info** | Attack vectors, bypass techniques, defense strategies |\n| **Simple API** | Python library, easy to integrate |\n| **Zero Dependencies** | Pure Python 3.8+ |\n| **SIEM Compatible** | CVSS scores, CWE/OWASP mappings, severity levels |\n| **Open Source** | MIT licensed, community contributions welcome |\n| **In Production** | Used in security scanners and tools |\n\n## Installation\n\n### From PyPI (Recommended)\n```bash\npip install brs-kb\n```\n\n### From Source\n```bash\ngit clone https://github.com/EPTLLC/BRS-KB.git\ncd BRS-KB\npip install -e .\n```\n\n### For Developers\n```bash\ngit clone https://github.com/EPTLLC/BRS-KB.git\ncd BRS-KB\npip install -e \".[dev]\"\n```\n\n**Requirements:** Python 3.8+ \u2022 No external dependencies\n\n## Publishing to PyPI\n\n### One-time Setup\n```bash\n# Setup PyPI configuration (one time only)\npython3 scripts/publish.py setup\n\n# Test publication process\npython3 scripts/test_publish.py\n```\n\n### Publishing New Version\n```bash\n# Build and publish to PyPI\npython3 scripts/publish.py\n\n# Or manually:\npython3 -m build\ntwine check dist/*\ntwine upload dist/*\n```\n\n## Quick Start\n\n```python\nfrom brs_kb import get_vulnerability_details, list_contexts\n\n# Get detailed XSS context information\ndetails = get_vulnerability_details('html_content')\n\nprint(details['title'])        # Cross-Site Scripting (XSS) in HTML Content\nprint(details['severity'])     # critical\nprint(details['cvss_score'])   # 8.8\nprint(details['cwe'])          # ['CWE-79']\nprint(details['owasp'])        # ['A03:2021']\n\n# List all available contexts\ncontexts = list_contexts()\n# ['css_context', 'default', 'dom_xss', 'html_attribute', ...]\n```\n\n## Available Contexts\n\n<details>\n<summary><b>27 XSS Vulnerability Contexts</b> (click to expand)</summary>\n\n### Core HTML Contexts\n| Context | Description | Lines | Severity | CVSS |\n|---------|-------------|-------|----------|------|\n| `html_content` | XSS in HTML body/content | 407 | Critical | 8.8 |\n| `html_attribute` | XSS in HTML attributes | 538 | Critical | 8.8 |\n| `html_comment` | XSS in HTML comments | 77 | Medium | 5.4 |\n\n### JavaScript Contexts\n| Context | Description | Lines | Severity | CVSS |\n|---------|-------------|-------|----------|------|\n| `javascript_context` | Direct JavaScript injection | 645 | Critical | 9.0 |\n| `js_string` | JavaScript string injection | 628 | Critical | 8.8 |\n| `js_object` | JavaScript object injection | 628 | High | 7.8 |\n\n### Style & Markup\n| Context | Description | Lines | Severity | CVSS |\n|---------|-------------|-------|----------|------|\n| `css_context` | CSS injection & style attrs | 684 | High | 7.1 |\n| `svg_context` | SVG-based XSS vectors | 297 | High | 7.3 |\n| `markdown_context` | Markdown rendering XSS | 110 | Medium | 6.1 |\n\n### Data Formats\n| Context | Description | Lines | Severity | CVSS |\n|---------|-------------|-------|----------|------|\n| `json_value` | JSON context XSS | 81 | Medium | 6.5 |\n| `xml_content` | XML/XHTML XSS vectors | 90 | High | 7.1 |\n\n### Advanced Vectors\n| Context | Description | Lines | Severity | CVSS |\n|---------|-------------|-------|----------|------|\n| `url_context` | URL/protocol-based XSS | 554 | High | 7.5 |\n| `dom_xss` | DOM-based XSS (client-side) | 359 | High | 7.4 |\n| `template_injection` | Client-side template injection | 116 | Critical | 8.6 |\n| `postmessage_xss` | PostMessage API vulnerabilities | 134 | High | 7.4 |\n| `wasm_context` | WebAssembly context XSS | 119 | Medium | 6.8 |\n\n### Modern Web Technologies (NEW)\n| Context | Description | Lines | Severity | CVSS |\n|---------|-------------|-------|----------|------|\n| `websocket_xss` | WebSocket real-time XSS | 431 | High | 7.5 |\n| `service_worker_xss` | Service Worker injection | 557 | High | 7.8 |\n| `webrtc_xss` | WebRTC P2P communication XSS | 565 | High | 7.6 |\n| `indexeddb_xss` | IndexedDB storage XSS | 577 | Medium | 6.5 |\n| `webgl_xss` | WebGL shader injection | 611 | Medium | 6.1 |\n| `shadow_dom_xss` | Shadow DOM encapsulation bypass | 539 | High | 7.3 |\n| `custom_elements_xss` | Custom Elements XSS | 590 | High | 7.1 |\n| `http2_push_xss` | HTTP/2 Server Push XSS | 558 | Medium | 6.8 |\n| `graphql_xss` | GraphQL API injection | 642 | High | 7.4 |\n| `iframe_sandbox_xss` | iframe sandbox bypass | 591 | Medium | 6.3 |\n\n### Fallback\n| Context | Description | Lines | Severity | CVSS |\n|---------|-------------|-------|----------|------|\n| `default` | Generic XSS information | 165 | High | 7.1 |\n\n</details>\n\n## Features\n\n### Metadata Structure\n\nEach context includes security metadata:\n\n```python\n{\n    # Core Information\n    \"title\": \"Cross-Site Scripting (XSS) in HTML Content\",\n    \"description\": \"Detailed vulnerability explanation...\",\n    \"attack_vector\": \"Real-world attack techniques...\",\n    \"remediation\": \"Actionable security measures...\",\n    \n    # Security Metadata\n    \"severity\": \"critical\",           # low | medium | high | critical\n    \"cvss_score\": 8.8,                # CVSS 3.1 base score\n    \"cvss_vector\": \"CVSS:3.1/...\",    # Full CVSS vector string\n    \"reliability\": \"certain\",         # tentative | firm | certain\n    \"cwe\": [\"CWE-79\"],                # CWE identifiers\n    \"owasp\": [\"A03:2021\"],            # OWASP Top 10 mapping\n    \"tags\": [\"xss\", \"html\", \"reflected\"]  # Classification tags\n}\n```\n\n### Enhanced Reverse Mapping System\n\nAdvanced payload analysis with automatic context detection and ML-ready features:\n\n```python\nfrom brs_kb.reverse_map import find_contexts_for_payload, get_defenses_for_context, predict_contexts_ml_ready\n\n# Automatic context detection with confidence scoring\ninfo = find_contexts_for_payload(\"<script>alert(1)</script>\")\n# \u2192 {'contexts': ['html_content'],\n#    'severity': 'critical',\n#    'confidence': 1.0,\n#    'analysis_method': 'pattern_matching',\n#    'matched_patterns': 1}\n\n# Modern XSS context detection\nwebsocket_info = find_contexts_for_payload('WebSocket(\"wss://evil.com\")')\n# \u2192 {'contexts': ['websocket_xss'], 'severity': 'high', 'confidence': 1.0}\n\n# ML-ready analysis with feature extraction\nml_analysis = predict_contexts_ml_ready('<script>alert(document.cookie)</script>')\n# \u2192 {'contexts': ['html_content'], 'features': {'length': 39, 'has_script': True, ...}}\n\n# Enhanced defense mapping with modern techniques\ndefenses = get_defenses_for_context('websocket_xss')\n# \u2192 [{'defense': 'input_validation', 'priority': 1, 'required': True, 'tags': ['websocket']},\n#     {'defense': 'csp', 'priority': 1, 'required': True, 'tags': ['policy']}, ...]\n```\n\n## CLI Tool\n\nBRS-KB includes a comprehensive command-line interface for security research and testing:\n\n```bash\n# Install the package\npip install brs-kb\n\n# Show all available commands\nbrs-kb --help\n\n# Show system information\nbrs-kb info\n\n# List all XSS contexts\nbrs-kb list-contexts\n\n# Get detailed information about a context\nbrs-kb get-context websocket_xss\n\n# Analyze a payload\nbrs-kb analyze-payload \"<script>alert(1)</script>\"\n\n# Search payloads in database\nbrs-kb search-payloads websocket --limit 5\n\n# Test payload effectiveness\nbrs-kb test-payload \"<script>alert(1)</script>\" html_content\n\n# Generate comprehensive report\nbrs-kb generate-report\n\n# Validate database integrity\nbrs-kb validate\n\n# Export data\nbrs-kb export contexts --format json --output contexts.json\n```\n\n**Available Commands:**\n- `info` - Show system information and statistics\n- `list-contexts` - List all available XSS contexts with severity\n- `get-context <name>` - Get detailed vulnerability information\n- `analyze-payload <payload>` - Analyze payload with reverse mapping\n- `search-payloads <query>` - Search payload database with relevance scoring\n- `test-payload <payload> <context>` - Test payload effectiveness in context\n- `generate-report` - Generate comprehensive system analysis\n- `validate` - Validate payload database integrity\n- `export <type> --format <format>` - Export data (payloads, contexts, reports)\n\n## Usage\n\n### 1. Security Scanner Integration\n\n```python\nfrom brs_kb import get_vulnerability_details\n\ndef enrich_finding(context_type, url, payload):\n    kb_data = get_vulnerability_details(context_type)\n    \n    return {\n        'url': url,\n        'payload': payload,\n        'title': kb_data['title'],\n        'severity': kb_data['severity'],\n        'cvss_score': kb_data['cvss_score'],\n        'cwe': kb_data['cwe'],\n        'description': kb_data['description'],\n        'remediation': kb_data['remediation']\n    }\n\n# Use in scanner\nfinding = enrich_finding('dom_xss', 'https://target.com/app', 'location.hash')\n```\n\n### 2. SIEM/SOC Integration\n\n```python\nfrom brs_kb import get_vulnerability_details\n\ndef create_security_event(context, source_ip, target_url):\n    kb = get_vulnerability_details(context)\n    \n    return {\n        'event_type': 'xss_detection',\n        'severity': kb['severity'],\n        'cvss_score': kb['cvss_score'],\n        'cvss_vector': kb['cvss_vector'],\n        'cwe': kb['cwe'],\n        'owasp': kb['owasp'],\n        'source_ip': source_ip,\n        'target': target_url,\n        'requires_action': kb['severity'] in ['critical', 'high']\n    }\n```\n\n### 3. Bug Bounty Reporting\n\n```python\nfrom brs_kb import get_vulnerability_details\n\ndef generate_report(context, url, payload):\n    kb = get_vulnerability_details(context)\n    \n    return f\"\"\"\n# {kb['title']}\n\n**Severity**: {kb['severity'].upper()} (CVSS {kb['cvss_score']})\n**CWE**: {', '.join(kb['cwe'])}\n\n## Vulnerable URL\n{url}\n\n## Proof of Concept\n```\n{payload}\n```\n\n## Description\n{kb['description']}\n\n## Remediation\n{kb['remediation']}\n\"\"\"\n```\n\n### 4. Training & Education\n\n```python\nfrom brs_kb import list_contexts, get_vulnerability_details\n\n# Create XSS learning materials\nfor context in list_contexts():\n    details = get_vulnerability_details(context)\n    \n    print(f\"Context: {context}\")\n    print(f\"Severity: {details.get('severity', 'N/A')}\")\n    print(f\"Attack vectors: {details['attack_vector'][:200]}...\")\n    print(\"-\" * 80)\n```\n\n## Security Scanner Plugins\n\nBRS-KB includes plugins for popular security testing tools:\n\n### \ud83d\udee1\ufe0f Burp Suite Plugin\n- Real-time XSS payload analysis during proxying\n- Automatic context detection for intercepted requests\n- Integration with 27 XSS contexts\n- Professional security team interface\n\n**Installation:** Copy `plugins/burp_suite/BRSKBExtension.java` to Burp extensions\n\n### \u26a1 OWASP ZAP Integration\n- Automated XSS scanning with BRS-KB intelligence\n- Context-aware payload injection\n- WAF bypass technique detection\n- Professional security workflow support\n\n**Installation:** Load `plugins/owasp_zap/brs_kb_zap.py` in ZAP scripts\n\n### \ud83c\udfaf Nuclei Templates\n- 200+ categorized XSS payloads\n- Context-specific testing (27 XSS contexts)\n- WAF bypass technique detection\n- Modern web technology testing\n\n**Installation:** Copy templates to Nuclei templates directory\n\n### \ud83d\udcca SIEM Integration\nBRS-KB integrates with enterprise SIEM systems for real-time monitoring:\n\n#### \ud83d\udd0d Splunk Integration\n- Real-time XSS vulnerability data ingestion\n- Custom dashboards for XSS context analysis\n- Alerting rules for critical vulnerabilities\n- Historical trend analysis\n\n**Installation:** Copy `siem_connectors/splunk/brs_kb_app.tar.gz` to Splunk apps directory\n\n#### \ud83d\udcca Elasticsearch Integration\n- Logstash/Beats integration for BRS-KB data\n- Kibana dashboards for XSS analysis\n- Machine learning anomaly detection\n- Elasticsearch Watcher alerting\n\n**Installation:** Deploy Logstash configuration from `siem_connectors/elastic/`\n\n#### \ud83d\udccb Graylog Integration\n- GELF integration for real-time log ingestion\n- Custom dashboards and widgets\n- Alerting rules and notifications\n- Stream processing for XSS events\n\n**Installation:** Import content pack from `siem_connectors/graylog/`\n\nSee [siem_connectors/README.md](siem_connectors/README.md) for detailed installation and usage instructions.\n\n## CI/CD Pipeline\n\nBRS-KB includes comprehensive CI/CD configurations for automated testing and deployment:\n\n### \ud83d\udd04 GitLab CI (`.gitlab-ci.yml`)\n- Multi-Python version testing (3.8-3.12)\n- Code quality checks and security scanning\n- Package building and PyPI deployment\n- Performance testing and coverage reporting\n\n### \ud83d\udd04 GitLab CI (`.gitlab-ci.yml`) - Advanced Configuration\n- Parallel testing across Python versions\n- Package building and deployment\n- Documentation deployment (GitLab Pages)\n- Performance and security testing\n\n### \ud83d\udd04 Jenkins Pipeline (`Jenkinsfile`)\n- Declarative pipeline with parallel execution\n- Artifact management and deployment\n- Notification integration and reporting\n- Enterprise-grade pipeline management\n\n### \u2699\ufe0f Setup Script (`scripts/setup_cicd.py`)\nAutomated CI/CD pipeline setup and configuration.\n\n**Quick Setup:**\n```bash\npython3 scripts/setup_cicd.py\n```\n\nSee [DEVELOPMENT_PLAN.md](DEVELOPMENT_PLAN.md) for detailed CI/CD documentation.\n\n## Multi-Language Documentation\n\nBRS-KB includes comprehensive documentation in multiple languages:\n\n### \ud83c\udf0d Available Languages\n- **\ud83c\uddfa\ud83c\uddf8 English** - Primary documentation (this file)\n- **\ud83c\uddf7\ud83c\uddfa \u0420\u0443\u0441\u0441\u043a\u0438\u0439** - [docs/README.ru.md](docs/README.ru.md)\n- **\ud83c\udde8\ud83c\uddf3 \u4e2d\u6587** - [docs/README.zh.md](docs/README.zh.md)\n- **\ud83c\uddea\ud83c\uddf8 Espa\u00f1ol** - [docs/README.es.md](docs/README.es.md)\n\n### \ud83d\udd04 Language Switching\nUse the CLI to switch between languages:\n\n```bash\nbrs-kb language ru     # Switch to Russian\nbrs-kb language zh     # Switch to Chinese\nbrs-kb language es     # Switch to Spanish\nbrs-kb language en     # Switch to English\nbrs-kb language --list # List all supported languages\n```\n\nAll documentation includes localized examples, cultural context, and region-specific attack vectors.\n\n### \ud83c\udf10 Web UI Localization\nThe Web UI also supports full localization in all 4 languages with:\n- Localized interface elements\n- Context-specific examples in each language\n- Cultural adaptation for security terminology\n- Region-specific attack vector descriptions\n\n## Web UI\n\nBRS-KB includes a modern React-based web interface for visual exploration and testing:\n\n### \ud83c\udf10 Web Interface (`web_ui/`)\n**BRSKB Web UI** - Modern React-based web interface\n\n**Features:**\n- Visual exploration of 27 XSS contexts\n- Interactive playground for payload testing\n- Real-time statistics dashboard\n- Multi-language support (EN, RU, CN, ES)\n- Responsive design for all devices\n\n**Installation:**\n```bash\ncd web_ui\nnpm install\nnpm start\n```\n\n**Access:** `http://localhost:3000` after starting development server\n\nSee [web_ui/README.md](web_ui/README.md) for detailed Web UI documentation.\n\n## Examples\n\nSee [examples/](examples/) directory for integration examples:\n\n| Example | Description |\n|---------|-------------|\n| [`basic_usage.py`](examples/basic_usage.py) | Basic API usage and functionality |\n| [`scanner_integration.py`](examples/scanner_integration.py) | Integration into security scanners |\n| [`reverse_mapping.py`](examples/reverse_mapping.py) | Enhanced reverse mapping with ML-ready features |\n| [`payload_database.py`](examples/payload_database.py) | 200+ payload database with testing API |\n| [`cli_demo.py`](examples/cli_demo.py) | Command-line interface demonstration |\n| [`plugin_demo.py`](examples/plugin_demo.py) | Security scanner plugin integration |\n| [`cicd_demo.py`](examples/cicd_demo.py) | CI/CD pipeline demonstration |\n| [`multilanguage_demo.py`](examples/multilanguage_demo.py) | Multi-language support demonstration |\n| [`integrated_demo.py`](examples/integrated_demo.py) | Complete system integration showcase |\n\n**Run examples:**\n```bash\n# Python examples\npython3 examples/basic_usage.py\npython3 examples/scanner_integration.py\npython3 examples/cli_demo.py\npython3 examples/plugin_demo.py\npython3 examples/integrated_demo.py\n\n# CLI commands\nbrs-kb info                    # System information\nbrs-kb list-contexts           # All XSS contexts\nbrs-kb get-context websocket_xss  # Context details\nbrs-kb analyze-payload \"<script>alert(1)</script>\"  # Payload analysis\nbrs-kb search-payloads websocket --limit 5  # Search payloads\nbrs-kb test-payload \"<script>alert(1)</script>\" html_content  # Test effectiveness\nbrs-kb generate-report         # Comprehensive report\nbrs-kb validate                # Database validation\nbrs-kb export contexts --format json  # Export data\n\n# Security scanner integration\nnuclei -t plugins/nuclei/templates/brs-kb-xss.yaml -u https://target.com\n\n# SIEM integration\npython3 siem_connectors/splunk/brs_kb_splunk_connector.py --api-key YOUR_KEY --splunk-url https://splunk.company.com:8088\n\n# CI/CD pipeline\npython3 scripts/setup_cicd.py\n\n# Multi-language support\nbrs-kb language ru\nbrs-kb language --list\n```\n\n## API Reference\n\n### Core Functions\n\n#### `get_vulnerability_details(context: str) -> Dict[str, Any]`\nGet detailed information about a vulnerability context.\n\n```python\ndetails = get_vulnerability_details('html_content')\n```\n\n#### `list_contexts() -> List[str]`\nGet list of all available contexts.\n\n```python\ncontexts = list_contexts()  # ['css_context', 'default', 'dom_xss', ...]\n```\n\n#### `get_kb_info() -> Dict[str, Any]`\nGet knowledge base information (version, build, contexts count).\n\n```python\ninfo = get_kb_info()\nprint(f\"Version: {info['version']}, Total contexts: {info['total_contexts']}\")\n```\n\n#### `get_kb_version() -> str`\nGet version string.\n\n```python\nversion = get_kb_version()  # \"1.0.0\"\n```\n\n### Enhanced Reverse Mapping Functions\n\nImport from `brs_kb.reverse_map`:\n\n#### `find_contexts_for_payload(payload: str) -> Dict`\nAdvanced payload analysis with automatic context detection and confidence scoring.\n\n#### `predict_contexts_ml_ready(payload: str) -> Dict`\nML-ready analysis with feature extraction for future machine learning integration.\n\n#### `get_defenses_for_context(context: str) -> List[Dict]`\nGet recommended defenses for a context with enhanced metadata and implementation details.\n\n#### `get_defense_info(defense: str) -> Dict`\nGet comprehensive information about a defense mechanism including bypass difficulty and tags.\n\n#### `analyze_payload_with_patterns(payload: str) -> List[Tuple]`\nAnalyze payload against pattern database returning matches with confidence scores.\n\n#### `get_reverse_map_info() -> Dict`\nGet reverse mapping system information including version, capabilities, and statistics.\n\n#### `reverse_lookup(query_type: str, query: str) -> Dict`\nUniversal lookup function supporting payload, context, defense, and pattern queries.\n\n### Payload Database Functions\n\n#### `get_payloads_by_context(context: str) -> List[Dict]`\nGet all payloads effective in a specific context.\n\n#### `get_payloads_by_severity(severity: str) -> List[Dict]`\nGet all payloads by severity level.\n\n#### `search_payloads(query: str) -> List[Dict]`\nSearch payloads with relevance scoring.\n\n#### `test_payload_in_context(payload: str, context: str) -> Dict`\nTest payload effectiveness in specific context.\n\n#### `get_database_info() -> Dict`\nGet payload database statistics and information.\n\n### CLI Tool Functions\n\n#### `get_cli() -> BRSKBCLI`\nGet CLI instance for programmatic use.\n\n**CLI Commands:**\n- `brs-kb info` - System information\n- `brs-kb list-contexts` - List all XSS contexts\n- `brs-kb get-context <name>` - Context details\n- `brs-kb analyze-payload <payload>` - Payload analysis\n- `brs-kb search-payloads <query>` - Search payloads\n- `brs-kb test-payload <payload> <context>` - Test effectiveness\n- `brs-kb generate-report` - Comprehensive report\n- `brs-kb validate` - Database validation\n- `brs-kb export <type>` - Export data\n\n## Contributing\n\nContributions from the security community are welcome.\n\n### Ways to Contribute\n\n- Add new XSS contexts\n- Update existing contexts with new bypasses\n- Improve documentation\n- Report issues or outdated information\n- Share real-world examples\n\n**Quick start:**\n```bash\ngit clone https://github.com/EPTLLC/BRS-KB.git\ncd BRS-KB\ngit checkout -b feature/new-context\n# Make changes\npytest tests/ -v\ngit commit -m \"Add: New context for WebSocket XSS\"\ngit push origin feature/new-context\n# Open Pull Request\n```\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines.\n\n## Project Structure\n\n```\nBRS-KB/\n\u251c\u2500\u2500 brs_kb/                    # Main package\n\u2502   \u251c\u2500\u2500 __init__.py            # Core API\n\u2502   \u251c\u2500\u2500 schema.json            # JSON Schema validation\n\u2502   \u251c\u2500\u2500 reverse_map.py         # Reverse mapping system\n\u2502   \u251c\u2500\u2500 i18n.py                # Internationalization system\n\u2502   \u251c\u2500\u2500 cli.py                 # Command-line interface\n\u2502   \u251c\u2500\u2500 payload_testing.py     # Payload testing framework\n\u2502   \u251c\u2500\u2500 payloads_db.py         # Payload database\n\u2502   \u2514\u2500\u2500 contexts/              # 27 vulnerability contexts\n\u2502       \u251c\u2500\u2500 html_content.py\n\u2502       \u251c\u2500\u2500 javascript_context.py\n\u2502       \u251c\u2500\u2500 websocket_xss.py\n\u2502       \u2514\u2500\u2500 ...\n\u251c\u2500\u2500 examples/                  # Integration examples\n\u251c\u2500\u2500 tests/                     # Test suite (pytest)\n\u251c\u2500\u2500 docs/                      # Multi-language documentation\n\u251c\u2500\u2500 i18n/locales/              # Translation files\n\u251c\u2500\u2500 plugins/                   # Security scanner plugins\n\u251c\u2500\u2500 siem_connectors/           # SIEM system integrations\n\u251c\u2500\u2500 web_ui/                    # React-based web interface\n\u251c\u2500\u2500 LICENSE                    # MIT License\n\u251c\u2500\u2500 CONTRIBUTING.md            # Contribution guide\n\u251c\u2500\u2500 CHANGELOG.md               # Version history\n\u2514\u2500\u2500 README.md                  # This file\n```\n\n## Testing\n\n```bash\n# Run all tests\npytest tests/ -v\n\n# Run with coverage (requires pytest-cov)\npytest tests/ -v --cov=brs_kb\n\n# Run specific test\npytest tests/test_basic.py -v\n```\n\n## Statistics\n\n| Metric | Value |\n|--------|-------|\n| Total Lines | ~16,500+ |\n| Context Modules | 27 |\n| Payload Database | 200+ |\n| Multi-Language Support | \u2705 |\n| Web UI | \u2705 |\n| Reverse Mapping Patterns | 29 |\n| Supported Contexts | 27 |\n| Average Module Size | 418 lines |\n| Test Coverage | 33 tests |\n| CLI Commands | 9 commands |\n| Security Scanner Plugins | 3 platforms |\n| SIEM Integrations | 3 systems |\n| CI/CD Pipelines | GitLab CI, Jenkins |\n| Deployment Scripts | \u2705 |\n| Docker Support | \u2705 |\n| Kubernetes Support | \u2705 |\n| Monitoring | \u2705 |\n| Web UI | \u2705 |\n| React Frontend | \u2705 |\n| Responsive Design | \u2705 |\n| Multi-Language Support | \u2705 |\n| Russian Localization | \u2705 |\n| Chinese Localization | \u2705 |\n| Spanish Localization | \u2705 |\n| Multi-Language Documentation | \u2705 |\n| Global Accessibility | \u2705 |\n| WAF Bypass | 15+ payloads |\n| External Dependencies | 0 |\n| Python Version | 3.8+ |\n| Code Quality | Production-ready |\n| ML Ready | \u2705 |\n| Confidence Scoring | \u2705 |\n| Modern XSS Support | \u2705 |\n| WebSocket XSS | \u2705 |\n| Service Worker XSS | \u2705 |\n| WebRTC XSS | \u2705 |\n| GraphQL XSS | \u2705 |\n| Shadow DOM XSS | \u2705 |\n| Custom Elements XSS | \u2705 |\n| Payload Testing API | \u2705 |\n| WAF Bypass Detection | \u2705 |\n| CLI Tool | \u2705 |\n| Export Capabilities | \u2705 |\n\n## License\n\n**MIT License** - Free to use in any project (commercial or non-commercial)\n\n```\nCopyright (c) 2025 EasyProTech LLC / Brabus\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction...\n```\n\nSee [LICENSE](LICENSE) for full text.\n\n## Project Info\n\n| | |\n|---|---|\n| **Project** | BRS-KB (BRS XSS Knowledge Base) |\n| **Company** | EasyProTech LLC |\n| **Website** | [www.easypro.tech](https://www.easypro.tech) |\n| **Developer** | Brabus |\n| **Contact** | [https://t.me/easyprotech](https://t.me/easyprotech) |\n| **Repository** | [https://github.com/EPTLLC/BRS-KB](https://github.com/EPTLLC/BRS-KB) |\n| **License** | MIT |\n| **Status** | Production-Ready |\n| **Version** | 1.1.0 |\n\n## Related Projects\n\n- **[BRS-XSS](https://github.com/EPTLLC/brs-xss)** - Advanced XSS Scanner (uses BRS-KB)\n\n## Support Policy\n\n**NO OFFICIAL SUPPORT PROVIDED**\n\nThis is a community-driven project. While we welcome contributions:\n- Use GitHub Issues for bug reports\n- Use Pull Requests for contributions\n- No SLA or guaranteed response time\n\nThis project is maintained by the community.\n\n## Acknowledgments\n\n- Security researchers who contribute knowledge\n- Open-source community for support\n- Everyone who reports issues and improvements\n\n---\n\n<div align=\"center\">\n\n**Open Source XSS Knowledge Base**\n\n*MIT License \u2022 Python 3.8+ \u2022 Zero Dependencies*\n\n---\n\n<div align=\"center\">\n\n\u2b50 **Star this repo to support the BRS project family**\n\n[Star on GitHub](https://github.com/EPTLLC/BRS-KB) \u2022 [Report Bug](https://github.com/EPTLLC/BRS-KB/issues) \u2022 [Request Feature](https://github.com/EPTLLC/BRS-KB/issues)\n\n</div>\n\n</div>\n",
    "bugtrack_url": null,
    "license": null,
    "summary": "Community-Driven XSS Knowledge Base - Open Security Intelligence",
    "version": "1.1.0",
    "project_urls": {
        "Changelog": "https://github.com/EPTLLC/BRS-KB/blob/main/CHANGELOG.md",
        "Contact": "https://t.me/easyprotech",
        "Documentation": "https://github.com/EPTLLC/BRS-KB#readme",
        "Homepage": "https://github.com/EPTLLC/BRS-KB",
        "Issues": "https://github.com/EPTLLC/BRS-KB/issues",
        "Repository": "https://github.com/EPTLLC/BRS-KB"
    },
    "split_keywords": [
        "xss",
        " security",
        " vulnerability",
        " knowledge-base",
        " penetration-testing",
        " web-security",
        " owasp",
        " cwe",
        " cvss",
        " red-team",
        " bug-bounty"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "5098207943bcd8476bf6cac131451ff293e4c3c165bd5d5de7f7d2ea31feb645",
                "md5": "931c66f93930e53c64672e94f23c18e7",
                "sha256": "388b6cfa278e9165a4699f7ccc8674d5e32efeed447d212020ae5ac54eca6bd4"
            },
            "downloads": -1,
            "filename": "brs_kb-1.1.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "931c66f93930e53c64672e94f23c18e7",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 164524,
            "upload_time": "2025-10-25T22:52:41",
            "upload_time_iso_8601": "2025-10-25T22:52:41.606979Z",
            "url": "https://files.pythonhosted.org/packages/50/98/207943bcd8476bf6cac131451ff293e4c3c165bd5d5de7f7d2ea31feb645/brs_kb-1.1.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "816ec0a26f8f4bb60271eedda554ac5e554e8e001afe851bc519a3e483cb2446",
                "md5": "d7c5b9853e8afc728d695365f115f06d",
                "sha256": "5bca106f29b0a8a2f8b1f18a374ada513b3cd3cd6f90832c3c4cda94457800c8"
            },
            "downloads": -1,
            "filename": "brs_kb-1.1.0.tar.gz",
            "has_sig": false,
            "md5_digest": "d7c5b9853e8afc728d695365f115f06d",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 235174,
            "upload_time": "2025-10-25T22:52:43",
            "upload_time_iso_8601": "2025-10-25T22:52:43.460999Z",
            "url": "https://files.pythonhosted.org/packages/81/6e/c0a26f8f4bb60271eedda554ac5e554e8e001afe851bc519a3e483cb2446/brs_kb-1.1.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-10-25 22:52:43",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "EPTLLC",
    "github_project": "BRS-KB",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "lcname": "brs-kb"
}
Brabus
Elapsed time: 0.83528s