#Xss
Showing 60 of 133 repositories tagged #xss, ranked by stars
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Most advanced XSS scanner.
Source code for Hacker101.com - a free online web and mobile security class.
A list of resources for those interested in getting started in bug bounties
一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
Top disclosed reports from HackerOne
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Web-Security-Learning
Web Application Security Scanner Framework
Git All the Payloads! A collection of web attack payloads.
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Collection of quality safety articles. Awesome articles.
Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
Advanced dork Search & Mass Exploit Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Check your WAF before an attacker does
An XSS exploitation command-line interface and payload generator.
🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.
pentest framework
Browser's XSS Filter Bypass Cheat Sheet
🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。
aawaf 是一款基于语义分析的Web应用防火墙
🔪Browser logic vulnerabilities :skull_and_crossbones:
Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App
ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
Perform advanced MiTM attacks on websites with ease 💉
Adds extra security-related features in your Symfony application
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
JSshell - JavaScript reverse/remote shell
Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
A tool to check a bunch of URLs that contain reflecting params.
Use DOMPurify on server and client in the same way
Tips on how to write exploit scripts (faster!)
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Build Content-Security-Policy headers from a JSON file (or build them programmatically)
A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
🔥 Repo related to my FrontendMasters course. An Advanced Web Dev Quiz that covers a wide range of the things web devs get to deal with on a daily basis.
渗透测试Payload速查平台 | Pentest Payload Quick Reference | XSS/SQLi/SSRF/RCE | React+TypeScript
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
基于Burp插件开发打造渗透测试自动化
Proactively protect your Node.js web services
eLearnSecurity Junior Penetration Tester (eJPT) v2 Notes
Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Safe replacement for the v-html directive
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
A list of useful payloads for Web Application Security and Pentest/CTF
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。
INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes