191 Open source projects that are alternatives of or similar to hackable

Browser's XSS Filter Bypass Cheat Sheet

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

SQL injection via bruteforced MD5 hash reflection of random strings

Small tool to package javascript into a valid image file.

XSS'OR - Hack with JavaScript.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

SPA quick start using Python Flask and Vue.js. Containerized with Docker.

Extraction of iMessage Data via XSS

Perform advanced MiTM attacks on websites with ease 💉

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

✈️ An enterprise level Flight Booking System for Turkish Airlines (web-application) based on the Model View Controller (MVC) Architecture made using Java Servlets, Java Server Pages (JSPs). Moreover authentication and authorization for users is implemented. The web-application is also secured against SQL Injection and Cross-Site Scripting attacks.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

🔪Browser logic vulnerabilities ☠️

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

XssPayload List . Usage:

Cure53 Browser Security White Paper

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

Cross-site scripting labs for web application security enthusiasts

pentest framework

A web application for generating custom XSS payloads

Pretty vulnerable flask app..

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

An implementation of PHP's strip_tags in Typescript.

Git All the Payloads! A collection of web attack payloads.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

The popular NoScript Security Suite browser extension.

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。

🖤 网络安全与渗透测试工具导航

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

A container repository for my public web hacks!

Awesome XSS stuff

Filter user input for XSS but don't touch other html

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Hacking tools

A fast DOM based XSS vulnerability scanner with simplicity.

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Getting started with java code auditing 代码审计入门的小项目

The Serverless Blind XSS App

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Lightweight In-App Web Application Firewall for PHP

No description or website provided.

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

👨‍🏫 Mike's Web Security Course

xWAF 3.0 - Free Web Application Firewall, Open-Source.

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

Small but effective wordlist for brute-forcing and discovering hidden things.

利用XSS入侵内网(Use XSS automation Invade intranet)

nodejs + express security and performance boilerplate.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Minimalist cheat sheet for developpers to write secure code

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Make XSS Great Again

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Java web and command line applications demonstrating various security topics