#Xss

Showing 60 of 133 repositories tagged #xss, ranked by stars

chaitin
chaitin
SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Score
100
★ 21.7k ⑂ 1.4k +40/day
Go
cure53
cure53
DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Score
100
★ 17.2k ⑂ 855 +2/day
JavaScript
s0md3v
s0md3v
XSStrike

Most advanced XSS scanner.

Score
88
★ 15.1k ⑂ 2.1k +19/day
Python
Hacker0x01
Hacker0x01
hacker101

Source code for Hacker101.com - a free online web and mobile security class.

Score
96
★ 14.5k ⑂ 2.7k +3/day
SCSS
nahamsec
nahamsec
Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

Score
96
★ 12.1k ⑂ 2.0k +7/day
chaitin
chaitin
xray

一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Score
95
★ 11.6k ⑂ 1.9k +4/day
Vue
reddelexc
reddelexc
hackerone-reports

Top disclosed reports from HackerOne

Score
100
★ 6.3k ⑂ 1.1k +14/day
Python
hahwul
hahwul
dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Score
100
★ 5.1k ⑂ 542 +4/day
Rust
CHYbeta
CHYbeta
Web-Security-Learning

Web-Security-Learning

Score
87
★ 4.3k ⑂ 1.0k
HTML
Arachni
Arachni
arachni

Web Application Security Scanner Framework

Score
99
★ 4.0k ⑂ 785 +2/day
Ruby
foospidy
foospidy
payloads

Git All the Payloads! A collection of web attack payloads.

Score
86
★ 4.0k ⑂ 991 +2/day
Shell
microcosm-cc
microcosm-cc
bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Score
50
★ 3.7k ⑂ 193 +1/day
Go
terjanq
terjanq
Tiny-XSS-Payloads

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Score
79
★ 2.4k ⑂ 219 +3/day
JavaScript
ssl
ssl
ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Score
98
★ 2.3k ⑂ 386 +4/day
PHP
tom0li
tom0li
collection-document

Collection of quality safety articles. Awesome articles.

Score
81
★ 2.1k ⑂ 508
Safe3
Safe3
uusec-waf

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Score
97
★ 1.7k ⑂ 168 +2/day
Shell
AlisamTechnology
AlisamTechnology
ATSCAN

Advanced dork Search & Mass Exploit Scanner

Score
78
★ 1.6k ⑂ 357 +2/day
Perl
v3n0m-Scanner
v3n0m-Scanner
V3n0M-Scanner

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Score
62
★ 1.6k ⑂ 415
Python
nemesida-waf
nemesida-waf
waf-bypass

Check your WAF before an attacker does

Score
75
★ 1.5k ⑂ 186 +5/day
Python
t3l3machus
t3l3machus
toxssin

An XSS exploitation command-line interface and payload generator.

Score
76
★ 1.4k ⑂ 196
Python
hahwul
hahwul
XSpear

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

Score
93
★ 1.4k ⑂ 241 +3/day
Ruby
nette
nette
latte

☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.

Score
94
★ 1.3k ⑂ 112
PHP
m4n3dw0lf
m4n3dw0lf
pythem

pentest framework

Score
77
★ 1.2k ⑂ 321
Python
masatokinugawa
masatokinugawa
filterbypass

Browser's XSS Filter Bypass Cheat Sheet

Score
75
★ 1.2k ⑂ 213 +1/day
Baroshem
Baroshem
nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware

Score
92
★ 976 ⑂ 78
TypeScript
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
50
★ 965 ⑂ 80 +4/day
Rust
wuba
wuba
Antenna

Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。

Score
72
★ 720 ⑂ 71
JavaScript
aaPanel
aaPanel
aaWAF

aawaf 是一款基于语义分析的Web应用防火墙

Score
90
★ 715 ⑂ 135 +1/day
Go
Metnew
Metnew
uxss-db

🔪Browser logic vulnerabilities :skull_and_crossbones:

Score
73
★ 705 ⑂ 83
HTML
Ishanoshada
Ishanoshada
GDorks

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App

Score
85
★ 691 ⑂ 114
MindPatch
MindPatch
scant3r

ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

Score
91
★ 685 ⑂ 150
Python
samdenty
samdenty
injectify

Perform advanced MiTM attacks on websites with ease 💉

Score
0
★ 681 ⑂ 118
TypeScript
nelmio
nelmio
NelmioSecurityBundle

Adds extra security-related features in your Symfony application

Score
84
★ 676 ⑂ 93
PHP
w3c
w3c
trusted-types

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

Score
89
★ 660 ⑂ 84
JavaScript
YagamiiLight
YagamiiLight
Cerberus

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Score
74
★ 647 ⑂ 129
Python
shelld3v
shelld3v
JSshell

JSshell - JavaScript reverse/remote shell

Score
38
★ 631 ⑂ 110
Python
capture0x
capture0x
XSS-LOADER

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Score
89
★ 616 ⑂ 123
Python
KathanP19
KathanP19
Gxss

A tool to check a bunch of URLs that contain reflecting params.

Score
0
★ 601 ⑂ 86 +1/day
Go
kkomelin
kkomelin
isomorphic-dompurify

Use DOMPurify on server and client in the same way

Score
88
★ 590 ⑂ 16
TypeScript
rizemon
rizemon
exploit-writing-for-oswe

Tips on how to write exploit scripts (faster!)

Score
25
★ 587 ⑂ 111 +1/day
LewisArdern
LewisArdern
bXSS

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Score
68
★ 576 ⑂ 64
JavaScript
nccgroup
nccgroup
tracy

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Score
67
★ 560 ⑂ 70 +1/day
JavaScript
paragonie
paragonie
csp-builder

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

Score
83
★ 541 ⑂ 39
PHP
kleiton0x00
kleiton0x00
ppmap

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

Score
64
★ 520 ⑂ 72
Go
lydiahallie
lydiahallie
advanced-web-dev-quiz

🔥 Repo related to my FrontendMasters course. An Advanced Web Dev Quiz that covers a wide range of the things web devs get to deal with on a daily basis.

Score
63
★ 476 ⑂ 82 +1/day
3516634930
3516634930
Payloader

渗透测试Payload速查平台 | Pentest Payload Quick Reference | XSS/SQLi/SSRF/RCE | React+TypeScript

Score
82
★ 438 ⑂ 112 +4/day
TypeScript
ImAyrix
ImAyrix
fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Score
60
★ 433 ⑂ 53
Go
dongfangyuxiao
dongfangyuxiao
BurpExtend

基于Burp插件开发打造渗透测试自动化

Score
61
★ 420 ⑂ 78
HTML
RisingStack
RisingStack
protect

Proactively protect your Node.js web services

Score
57
★ 399 ⑂ 23
JavaScript
dev-angelist
dev-angelist
eJPTv2-Notes

eLearnSecurity Junior Penetration Tester (eJPT) v2 Notes

Score
59
★ 370 ⑂ 86 +2/day
TeraSecTeam
TeraSecTeam
ary

Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。

Score
56
★ 339 ⑂ 54
LeSuisse
LeSuisse
vue-dompurify-html

Safe replacement for the v-html directive

Score
100
★ 334 ⑂ 29
TypeScript
andreiverse
andreiverse
vaf

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Score
53
★ 318 ⑂ 44
Nim
kleiton0x00
kleiton0x00
XSScope

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Score
58
★ 314 ⑂ 81
HTML
zer0yu
zer0yu
Berserker

A list of useful payloads for Web Application Security and Pentest/CTF

Score
54
★ 312 ⑂ 59
Python
dragonked2
dragonked2
Egyscan

Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

Score
80
★ 301 ⑂ 60
Python
Jewel591
Jewel591
xssmap

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Score
12
★ 270 ⑂ 54
Python
errorfiathck
errorfiathck
IDOR-Forge

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Score
66
★ 236 ⑂ 43 +2/day
Python
SecAegis
SecAegis
SecReport

ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。

Score
0
★ 183 ⑂ 21
Python
dev-angelist
dev-angelist
eWPTv2-Notes

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

Score
49
★ 173 ⑂ 43 +1/day
Related Topics
#security#bugbounty#hacking#sql-injection#pentest#penetration-testing#cybersecurity#vulnerability#web-security#javascript#sqli#python

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly