191 Open source projects that are alternatives of or similar to hackable

Audit tool to find common vulnerabilities in PHP source code

A Deliberately Insecure Web Application

A few SQL and XSS attack tools

List of every possible vulnerabilities in computer security.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Web Application Security Scanner Framework

Source code for Hacker101.com - a free online web and mobile security class.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

No description or website provided.

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

Proactively protect your Node.js web services

Top disclosed reports from HackerOne

In progress rough solutions to bWAPP / bee-box

JSshell - JavaScript reverse/remote shell

Proof of Concept code for CVE-2015-0345 (APSB15-07)

WAScan - Web Application Scanner

Extraction of iMessage Data via XSS

Quick SQL Scanner, Dorker, Webshell injector PHP

An XSS reverse shell framework

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Hooks in to interesting functions and helps reverse the web app faster.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Automating XSS using Bash

A tool to check a bunch of URLs that contain reflecting params.

Toolset for detecting reflected xss in websites

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

SQL injection via bruteforced MD5 hash reflection of random strings

XSS'OR - Hack with JavaScript.

SPA quick start using Python Flask and Vue.js. Containerized with Docker.

✈️ An enterprise level Flight Booking System for Turkish Airlines (web-application) based on the Model View Controller (MVC) Architecture made using Java Servlets, Java Server Pages (JSPs). Moreover authentication and authorization for users is implemented. The web-application is also secured against SQL Injection and Cross-Site Scripting attacks.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Cure53 Browser Security White Paper

Cross-site scripting labs for web application security enthusiasts

Pretty vulnerable flask app..

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

Git All the Payloads! A collection of web attack payloads.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

🖤 网络安全与渗透测试工具导航

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Collection of quality safety articles. Awesome articles.

A container repository for my public web hacks!

Filter user input for XSS but don't touch other html

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

A jQuery augmented PHP library for creating secure HTML forms, and validating them easily

Hacking tools

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Most advanced XSS scanner.

No description or website provided.

Prevents XSS by figuring out how to escape untrusted values in templates

A list of useful payloads for Web Application Security and Pentest/CTF

bug bounty hunters starter notes

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

👨‍🏫 Mike's Web Security Course

pentest framework

xWAF 3.0 - Free Web Application Firewall, Open-Source.