Skip to content
/ OOB-er Public

A Python API built with FastAPI that notifies a Discord webhook whenever the `/oob` endpoint is accessed. Designed for security monitoring, Cross-Site Scripting (XSS) research, and Out-of-Band (OOB) interaction detection.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GRodolphe/OOB-er

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.env.example
.env.example
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

OOB-er

A Python API built with FastAPI that notifies a Discord webhook whenever the /oob endpoint is accessed. Designed for security monitoring, Cross-Site Scripting (XSS) research, and Out-of-Band (OOB) interaction detection.

Features

  • FastAPI: High performance, asynchronous API framework.
  • Discord Integration: Sends rich embeds with detailed request information.
  • Rate Limiting: Prevents webhook spamming (5 requests/minute per IP).
  • Unicode Normalization (NFKC): Flattens malicious homograph characters to prevent bypasses.
  • Control Character Removal: Strips non-printable characters while preserving necessary formatting.
  • Discord Evasion Protection: Replaces backticks (`) with harmless look-alikes to prevent code block breakouts.
  • Mention Protection: Automatically escapes @everyone and @here to prevent unauthorized notifications.
  • Strict Truncation: Ensures all fields stay within Discord's 1024-character limit to prevent API errors.
  • Optimized: Uses connection pooling with a single httpx.AsyncClient for high-concurrency performance.
  • PEP 8 & Black: Code follows standard Python formatting and best practices.
  • Dockerized: Easy deployment using a single Docker container.

Setup

Option 1: Using Docker

  1. Build the image:

    docker build -t oob-er .

  2. Run the container: Pass your Discord Webhook URL as an environment variable:

    docker run -d -p 8000:8000 --env DISCORD_WEBHOOK_URL="your_webhook_url_here" oob-er

Option 2: Local Installation

  1. Install dependencies:

    pip install -r requirements.txt

  2. Configure Environment: Copy .env.example to .env and add your Discord Webhook URL.

    cp .env.example .env

  3. Run the API:

    python main.py

Usage

Once the server is running, make a GET request to: http://localhost:8000/oob?param1=value1&param2=value2

The API will capture and sanitize:

  • Date (UTC): Human-readable timestamp.
  • URL: The full request URL.
  • Client IP: Captured securely (supports X-Forwarded-For for proxies).
  • HTTP Method: GET, POST, etc.
  • Query Parameters: Full JSON representation.
  • Cookies: Full JSON representation.
  • Headers: Full request headers.

Rate Limits

By default, the /oob endpoint is limited to 5 requests per minute per client IP to prevent abuse and webhook flooding.

About

A Python API built with FastAPI that notifies a Discord webhook whenever the `/oob` endpoint is accessed. Designed for security monitoring, Cross-Site Scripting (XSS) research, and Out-of-Band (OOB) interaction detection.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages