228 Open source projects that are alternatives of or similar to Awesomexss

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Simple and lightweight library that helps to validate SVG files in security manners.

A few SQL and XSS attack tools

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

Powerful dork searcher and vulnerability scanner for windows platform

Most advanced XSS scanner.

Git All the Payloads! A collection of web attack payloads.

ROP Benchmark is a tool to compare ROP compilers

A web application for generating custom XSS payloads

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

XSS in pastebin.com and reddit.com via unsanitized markdown output

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

PSR-15 middleware to parse the body of the request with support for json, csv and url-encode

Getting started with java code auditing 代码审计入门的小项目

Markdown to HTML using marked and DOMPurify. Safe by default.

SQL Injection Payload List

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.

MS17-010: Python and Meterpreter

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Lightweight In-App Web Application Firewall for PHP

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

link is a command and control framework written in rust

Reinforced Mitigation Security Filter

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Exfiltration based on custom X509 certificates

Go Web Application Penetration Test

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.

Gerar payload para qrcode estático PIX. (Sistema de pagamento instantâneo do Brasil) Sem a necessidade de conexão com um PSP.

A fast DOM based XSS vulnerability scanner with simplicity.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Web Application Security Scanner Framework

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

UI state management with RxJS.

Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability

(Windows/Linux/Mac) Remote Administration Tool

List of every possible vulnerabilities in computer security.

utility to sanitize hast nodes

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A Deliberately Insecure Web Application

No description or website provided.

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

This repository contains payload to test NoSQL Injections

Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf binary, script, even appimage) and compress it, protect it from tampering and intrusion.

HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

🎯 XML External Entity (XXE) Injection Payload List

Safe replacement for the v-html directive

Inclusive Angular API for DOMPurify

Amazon SNS/SQS client library that enables sending and receiving messages with payload larger than 256KiB via Amazon S3.

XSS Payload without Anything.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC

Just Simple Code To Play With Android Payloads (;