pgaijin66 / Xss Payloads

Proactively protect your Node.js web services

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Powerfull XSS Scanning and Parameter analysis tool&gem

xss漏洞模糊测试payload的最佳集合 2020版

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

Perform advanced MiTM attacks on websites with ease 💉

Top disclosed reports from HackerOne

🔪Browser logic vulnerabilities ☠️

An implementation of PHP's strip_tags in Typescript.

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

XssPayload List . Usage:

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

A big list of Android Hackerone disclosed reports and other resources.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档