1667 Open source projects that are alternatives of or similar to Ezxss

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Awesome Vulnerable Applications

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Penetration tests guide based on OWASP including test cases, resources and examples.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

No description or website provided.

CNN example for training your own datasets.

List of every possible vulnerabilities in computer security.

A web application for generating custom XSS payloads

A few SQL and XSS attack tools

Web Application Security Scanner Framework

Para pencari bug / celah kemanan bisa bergabung.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Tips and Tutorials for Bug Bounty and also Penetration Tests.

link is a command and control framework written in rust

No description or website provided.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

XSS in pastebin.com and reddit.com via unsanitized markdown output

A fast DOM based XSS vulnerability scanner with simplicity.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Client not paid ? This is the solution of your problem

It's a Docker Environment for pentesting which having all the required tool for VAPT.

📧 DM-BOT is discord bot that can record direct messages. One of us! You can also reply to those messages! DM-BOT is easy to use & understand! I decided to use Discord.js, it's literally the best.

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Host Header Injection Checker

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

My personal bug bounty toolkit.

A Tool for Domain Flyovers

An easy alert on status bar

Yet Another PHP Shell - The most complete PHP reverse shell

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Security tool to quickly audit Public Box files and folders.

Collection of admin fields and decorators to help to create computed or custom fields more friendly and easy way

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A set of useful utilities and helpers used across Easy.* projects.

🎯 XML External Entity (XXE) Injection Payload List

Awesome XSS stuff

A MongoDB importer and API for Project Sonars DNS datasets

Top disclosed reports from HackerOne

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

🎯 Command Injection Payload List

Web path scanner

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

All about bug bounty (bypasses, payloads, and etc)

A big list of Android Hackerone disclosed reports and other resources.

🎯 SQL Injection Payload List

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

JSON RSA to HMAC and None Algorithm Vulnerability POC

XSS Payload without Anything.