Lab time: Deploying an app prone to Cross-Site Scripting (XSS)

Simple and vulnerable NodeJS app deployment with Google Cloud App Engine

I wrote a little script in node.js for a hands-on lab to test Cross-Site Scripting (XSS).

monitor showing C++

You can download it from my github:

To deploy in Google Cloud App Engine:

$ git clone
$ gcloud init
$ gcloud projects create xss-lab$RANDOM
$ gcloud config set project xss-lab$RANDOM
$ gcloud projects describe xss-lab$RANDOM
$ gcloud app create --project=xss-lab$RANDOM
$ gcloud app deploy
$ gcloud app logs tail -s default

To start the project from a local system:

git clone
docker build -t defensahacker/nodexss:1.3 --no-cache .
docker run --rm -p 8080:8080 -d defensahacker/nodexss:1.3

Now visit the vulnerable website:


Happy hacking!

Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts and support my work.






Leave a Reply

Your email address will not be published. Required fields are marked *