XspearPowerfull XSS Scanning and Parameter analysis tool&gem
Uxss Db🔪Browser logic vulnerabilities ☠️
Xray一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
0d1nTool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
Csp BuilderBuild Content-Security-Policy headers from a JSON file (or build them programmatically)
TracyA tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Xss Listener🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.
StriptagsAn implementation of PHP's strip_tags in Typescript.
Anti Xss㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
ProtectProactively protect your Node.js web services
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
XsserFrom XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
NoscriptThe popular NoScript Security Suite browser extension.
WssatWEB SERVICE SECURITY ASSESSMENT TOOL
Scaner扫描器是来自GitHub平台的开源扫描器的集合,包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具,如:awvs、nmap,w3af将不包含在集合范围内。
Lamp Cloudlamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台,其中的可配置的SaaS功能尤其闪耀, 具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块,支持多业务系统并行开发, 支持多服务并行开发,可以作为后端服务的开发脚手架。代码简洁,注释齐全,架构清晰,非常适合学习和企业作为基础框架使用。
Owasp Java EncoderThe OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
JsshellAn interactive multi-user web JS shell
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
GowaptGo Web Application Penetration Test
ArachniWeb Application Security Scanner Framework
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
SQL-XSSA few SQL and XSS attack tools
XSS-CheatsheetXSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
xss-chefA web application for generating custom XSS payloads
xssmapIntelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
vulnerabilitiesList of every possible vulnerabilities in computer security.
litewafLightweight In-App Web Application Firewall for PHP
wasecExamples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
safe-markedMarkdown to HTML using marked and DOMPurify. Safe by default.
security-wrapper对springSecurity进行二次开发,提供OAuth2授权(支持跨域名,多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定,解绑)、加密通信等一系列安全场景的解决方案
diwaA Deliberately Insecure Web Application
ngx http html sanitize moduleIt's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property
NachtWalReinforced Mitigation Security Filter
safe-svgSimple and lightweight library that helps to validate SVG files in security manners.
html-sanitizerHTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.
hackableA python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks