305 Open source projects that are alternatives of or similar to Bluemonday

HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

Hacking tools

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

nodejs + express security and performance boilerplate.

Audit tool to find common vulnerabilities in PHP source code

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

域名白名单内核模块，基于 Linux Netfilter 过滤 HTTP 协议中的 Host 字段

Learning Penetration Testing of Android Applications

A global domain based database for NoScript, uBlock, uMatrix & ScriptSafe

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

Desktop variant of OWASP Threat Dragon

A simple web app that helps developers understand the ASVS requirements.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Hooks in to interesting functions and helps reverse the web app faster.

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

In-depth Attack Surface Mapping and Asset Discovery

xWAF 3.0 - Free Web Application Firewall, Open-Source.

Collection of quality safety articles. Awesome articles.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Ip filter middleware for koa, support whitelist and blacklist.

A collection of hacking / penetration testing resources to make you better!

A jQuery augmented PHP library for creating secure HTML forms, and validating them easily

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

bug bounty hunters starter notes

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

A tool to check a bunch of URLs that contain reflecting params.

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

The OWASP ZAP core project

whitelist.dock.io backend service

Generates system-specific repositories to be added in configuration file for silently updating all packages via unattended upgrades.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Easier way to exempt your favorite YouTube channels from adblocking.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

An open source, online threat modelling tool from OWASP

OWASP Cloud Security - Enabling conversations through threat and control stories

pentest framework

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A container repository for my public web hacks!

Automated Penetration Testing Framework

Sqreen's Application Security Management for the Go language

Browser's XSS Filter Bypass Cheat Sheet

Most advanced XSS scanner.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Cross-site scripting labs for web application security enthusiasts

Awesome Node.js Security resources

Cleans HTML to avoid XSS attacks

Automated Security Testing For REST API's

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Automating XSS using Bash