417 Open source projects that are alternatives of or similar to 0l4bs

Powerfull XSS Scanning and Parameter analysis tool&gem

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

A big list of Android Hackerone disclosed reports and other resources.

XSS Payload without Anything.

Automating XSS using Bash

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A fast DOM based XSS vulnerability scanner with simplicity.

XSS in pastebin.com and reddit.com via unsanitized markdown output

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Hacking tools

Top disclosed reports from HackerOne

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A tool to check a bunch of URLs that contain reflecting params.

Toolset for detecting reflected xss in websites

No description or website provided.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Collection of quality safety articles. Awesome articles.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

DNS-Discovery is a multithreaded subdomain bruteforcer.

A container repository for my public web hacks!

Find exploits in local and online databases instantly

Random Tools for Bug Bounty

Urls de-duplication tool for better recon.

bug bounty hunters starter notes

Subdomain Takeover tool written in Go

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

Cross Origin Resource Sharing MisConfiguration Scanner

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Extract API keys from file or url using by magic of python and regex.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

A curated list of various bug bounty tools

RFD Checker - security CLI tool to test Reflected File Download issues

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Secret and/ credential patterns used for gf.

The Swiss Army knife for automated Web Application Testing

pentest framework

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

The unofficial HackerOne disclosure Timeline

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

A jQuery augmented PHP library for creating secure HTML forms, and validating them easily

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

xWAF 3.0 - Free Web Application Firewall, Open-Source.

A fast http and https prober, to check which URLs are alive

This challenge is Inon Shkedy's 31 days API Security Tips.

Collection of Facebook Bug Bounty Writeups

Scan for open AWS S3 buckets and dump the contents

A collection of response templates for invalid bug bounty reports.

Scans a list of websites for Cloudfront or S3 Buckets

A fast HTTP Response status checker implemented in Python3

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.