417 Open source projects that are alternatives of or similar to Gxss

A fast DOM based XSS vulnerability scanner with simplicity.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Toolset for detecting reflected xss in websites

Automating XSS using Bash

XSS in pastebin.com and reddit.com via unsanitized markdown output

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Top disclosed reports from HackerOne

No description or website provided.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A big list of Android Hackerone disclosed reports and other resources.

Hacking tools

Cross-site scripting labs for web application security enthusiasts

XSS Payload without Anything.

Powerfull XSS Scanning and Parameter analysis tool&gem

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Scan for open AWS S3 buckets and dump the contents

RFD Checker - security CLI tool to test Reflected File Download issues

The Swiss Army knife for automated Web Application Testing

Collection of quality safety articles. Awesome articles.

Penetration tests guide based on OWASP including test cases, resources and examples.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Extract API keys from file or url using by magic of python and regex.

Urls de-duplication tool for better recon.

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Scans a list of websites for Cloudfront or S3 Buckets

pentest framework

Collection of Facebook Bug Bounty Writeups

Command line tool for testing CRLF injection on a list of domains.

xWAF 3.0 - Free Web Application Firewall, Open-Source.

A fast http and https prober, to check which URLs are alive

This challenge is Inon Shkedy's 31 days API Security Tips.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Most advanced XSS scanner.

A collection of response templates for invalid bug bounty reports.

A Python3 based single-file subdomain enumerator

A fast HTTP Response status checker implemented in Python3

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Web Application recon automation

A container repository for my public web hacks!

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

Security Tool to Look For Interesting Files in S3 Buckets

Random Tools for Bug Bounty

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

websocket-connection-smuggler

nodejs + express security and performance boilerplate.

bug bounty hunters starter notes

Automatically brute force all services running on a target.

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

A curated list of various bug bounty tools