Xsshell: An XSS reverse shell framework
Ary: Ary is an integrated tool, mainly used to invoke various security tools, enabling convenient one-click penetration testing.
Payloads: Git All the Payloads! A collection of web attack payloads.
Xss Loader: Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
Angularjs Csti Scanner: Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Berserker: A list of useful payloads for Web Application Security and Pentest/CTF
Xless: The Serverless Blind XSS App
Webrtcxss: Use XSS to invade the intranet (Use XSS automation Invade intranet)
Javasecurity: Java web and command line applications demonstrating various security topics
Godnslog: An exquisite dns&http log server for verifying SSRF/XXE/RFI/RCE vulnerabilities
Jsshell: JSshell - JavaScript reverse/remote shell
Xssor2: XSS'OR - Hack with JavaScript.
Wascan: WAScan - Web Application Scanner
Hacker101: Source code for Hacker101.com - a free online web and mobile security class.
Bluemonday: bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Phpvuln: Audit tool to find common vulnerabilities in PHP source code
Xssmap: XSSMap is a tool developed in Python3 for detecting XSS vulnerabilities
Hookish: Hooks in to interesting functions and helps reverse the web app faster.
0l4bs: Cross-site scripting labs for web application security enthusiasts
Python Xss Filter: An HTML purifier based on the native Python module HTMLParser, to clear all JavaScript in HTML
Gxss: A tool to check a bunch of URLs that contain reflecting params.
Shuriken: Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Parsevip: Parses VIP resources, resolving the real addresses of Kugou, QQ Music, Tencent Video and Renren Video
Xsscope: XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
Hackvault: A container repository for my public web hacks!
Zebra form: A jQuery augmented PHP library for creating secure HTML forms, and validating them easily
Sourcecodesniffer: The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Sqlinator: Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS
Xwaf: xWAF 3.0 - Free Web Application Firewall, Open-Source.
Ezxss: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Tiny Xss Payloads: A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Blackwidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
V3n0m Scanner: Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Dompurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Imagejs: Small tool to package javascript into a valid image file.
Atscan: Advanced dork Search & Mass Exploit Scanner
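Medusa: 🐈 Medusa is a red team arsenal platform, currently including scanning (200+ vulnerabilities), an XSS platform, a collaboration platform, CVE monitoring and other features, under continuous development http://medusa.ascotbe.com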
Dalfox: 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Janusec: Janusec Application Gateway, Provides Fast and Secure Application Delivery.
Latte: ☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.
Injectify: Perform advanced MiTM attacks on websites with ease 💉
Xsser: Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.