
Turn a Stored XSS into a Critical Finding.

Triagers reject Medium findings. impactlab.sh gives you the evidence to prove your XSS is critical — JWT tokens, authenticated sessions, admin URLs. All captured automatically. All redacted. All exportable.

[Live demo widget: impactlab session #1337, status "[init] Waiting for hook execution...", with counters for evidence types collected, score factors tracked, lines in auto-report, and secrets auto-redacted]
How it works

From payload to P1 in three steps

impactlab.sh handles the evidence layer. You handle the disclosure.

01. Inject the hook
Create a hook, get a <script> tag. Drop it into your Stored XSS payload. No backend. No dependencies. One line.

02. Evidence flows in
When a real user's browser fires the payload, the hook silently captures JWT presence, cookies, storage keys, authenticated URLs, and page metadata. All redacted at the edge before storage.

03. Ship the report
Your session is scored automatically. Export a complete bug bounty report — Markdown or PDF — formatted for HackerOne, Bugcrowd, or private programs. One click.

Evidence types

Every signal that matters to a triager

Each data point directly answers: "Can this lead to account takeover?"

- 🔑 JWT detection (+20 pts): Detects JSON Web Tokens in localStorage, sessionStorage, and cookies. First 12 chars shown, rest redacted. Location recorded.
- 🔐 Authenticated session (+20 pts): URL pattern analysis confirms the victim was logged in — /dashboard, /app, /account, /workspace and more.
- 🍪 Cookie exposure (+15 pts): Lists all non-HttpOnly cookie names accessible to JavaScript. Proves session cookies are stealable.
- 💾 Storage keys (+15 pts): Captures localStorage and sessionStorage key names. Values only collected when explicitly enabled per hook.
- Admin URL (+10 pts): Flags /admin, /billing, /panel, /console, /invoice and 6 other sensitive path keywords. Auto-detected from URL.
- 📑 SPA persistence (+10 pts): Tracks navigation across pushState and hashchange — proving the payload executes persistently across multiple pages.
Scoring

Automatic severity classification

Evidence accumulates into a score. Score maps to severity. Severity justifies your report.

Severity bands:
- Critical / High: 60+ points (e.g. JWT + Auth + Admin; gauge example: 75)
- Medium: 30–59 points (e.g. Storage + Cookies; gauge example: 45)
- Low: 0–29 points (basic execution proof; gauge example: 12)

Score breakdown:
- Authenticated URL detected: +20
- JWT detected in storage/cookie: +20
- localStorage keys present: +15
- Non-HttpOnly cookie accessible: +15
- Admin/sensitive URL keyword: +10
- Multiple pages visited: +10
- Cross-origin referrer: +10
- Sensitive DOM keyword: +10
- HTTPS target: +5
Report

A report triagers actually act on

Auto-generated in English. Structured for HackerOne and Bugcrowd. Secrets automatically redacted. Business impact pre-written. Remediation included.

Export options: Markdown (.md), PDF export, copy to clipboard.

Report sections: Summary · Evidence collected · JWT tokens · Accessible cookies · Storage exposure · Affected URLs · Session timeline · Business impact · Technical details · Remediation · Responsible disclosure note
Sample output, impactlab-report-1337.md:

```markdown
# Stored XSS — Proof of Impact Report
> Generated by impactlab.sh · 2025-01-15 14:32 UTC
> Session: a3f9b2c1d4e5f6...

## Summary
| Field | Value |
|---|---|
| Severity | **HIGH · 75 pts** |
| Vuln type | Stored / Blind XSS |
| Affected URL | `https://app.target.com/dashboard` |
| Browser | Chrome 120 on Windows |

## Evidence Collected
- **JWT detected** in localStorage:
  `eyJhbGci...[redacted 187 chars]`
- **Non-HttpOnly cookies**: `session_id`, `remember_token`
- **Authenticated URL**: /dashboard pattern matched
- **Admin URL**: /admin/billing detected

## Business Impact
This vulnerability allows an attacker to steal
session tokens, perform authenticated actions...

## Remediation
1. Sanitize all user input before rendering...
```

Prove the impact. Ship the report.

Free to start. No credit card. Built for responsible disclosure.

By using impactlab.sh you agree to our Terms of Authorized Use. For bug bounty and authorized pentesting only.