实时上线的 XSS 盲打平台

Proactively protect your Node.js web services

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台，其中的可配置的SaaS功能尤其闪耀， 具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块，支持多业务系统并行开发， 支持多服务并行开发，可以作为后端服务的开发脚手架。代码简洁，注释齐全，架构清晰，非常适合学习和企业作为基础框架使用。

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

xss漏洞模糊测试payload的最佳集合 2020版

Web-Security-Learning

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。

The popular NoScript Security Suite browser extension.

An implementation of PHP's strip_tags in Typescript.

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

Top disclosed reports from HackerOne

Awesome XSS stuff

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.