Filterbypass: Browser's XSS Filter Bypass Cheat Sheet
Stars: ✭ 884 (+1349.18%)
Godnslog: An exquisite DNS & HTTP log server for verifying SSRF/XXE/RFI/RCE vulnerabilities
Stars: ✭ 172 (+181.97%)
Dompurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Stars: ✭ 8,177 (+13304.92%)
hasherbasher: SQL injection via bruteforced MD5 hash reflection of random strings
Stars: ✭ 40 (-34.43%)
Imagejs: Small tool to package javascript into a valid image file.
Stars: ✭ 828 (+1257.38%)
Xssor2: XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+3127.87%)
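Medusa: 🐈 Medusa is a red-team arsenal platform that currently includes scanning (200+ vulnerabilities), an XSS platform, a collaboration platform, CVE monitoring and other features, and is under continuous development. http://medusa.ascotbe.com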
Stars: ✭ 796 (+1204.92%)
flask-vue-project-seed: SPA quick start using Python Flask and Vue.js. Containerized with Docker.
Stars: ✭ 27 (-55.74%)
cve-2016-1764: Extraction of iMessage Data via XSS
Stars: ✭ 52 (-14.75%)
Injectify: Perform advanced MiTM attacks on websites with ease 💉
Stars: ✭ 612 (+903.28%)
Bluemonday: bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Stars: ✭ 2,135 (+3400%)
Flight-Booking-System-JavaServlets App: ✈️ An enterprise level Flight Booking System for Turkish Airlines (web-application) based on the Model View Controller (MVC) Architecture made using Java Servlets, Java Server Pages (JSPs). Moreover authentication and authorization for users is implemented. The web-application is also secured against SQL Injection and Cross-Site Scripting attacks.
Stars: ✭ 107 (+75.41%)
Commodity Injection Signatures: Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (+337.7%)
Uxss Db: 🔪 Browser logic vulnerabilities ☠️
Stars: ✭ 565 (+826.23%)
Xssmap: XSSMap is a tool developed in Python 3 for detecting XSS vulnerabilities
Stars: ✭ 134 (+119.67%)
Csp Builder: Build Content-Security-Policy headers from a JSON file (or build them programmatically)
Stars: ✭ 496 (+713.11%)
0l4bs: Cross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (+95.08%)
Pythem: pentest framework
Stars: ✭ 1,060 (+1637.7%)
xss-chef: A web application for generating custom XSS payloads
Stars: ✭ 70 (+14.75%)
flask-vuln: Pretty vulnerable flask app..
Stars: ✭ 23 (-62.3%)
Owasp Xenotix Xss Exploit Framework: OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
Stars: ✭ 424 (+595.08%)
Python Xss Filter: An HTML purifier based on Python's native HTMLParser module that clears all JavaScript from HTML
Stars: ✭ 115 (+88.52%)
Striptags: An implementation of PHP's strip_tags in Typescript.
Stars: ✭ 409 (+570.49%)
Payloads: Git All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+4591.8%)
Shuriken: Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (+86.89%)
xssmap: Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (+75.41%)
xss-http-injector: XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Stars: ✭ 22 (-63.93%)
Noscript: The popular NoScript Security Suite browser extension.
Stars: ✭ 366 (+500%)
Xsscope: XSScope is one of the most powerful and advanced GUI frameworks for modern browser exploitation via XSS.
Stars: ✭ 103 (+68.85%)
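Scaner: A collection of open-source scanners from GitHub, including subdomain enumeration, database vulnerability scanners, weak-password or information-leak scanners, port scanners, fingerprint scanners, and other large-scale scanners and module scanners. Other well-known scanning tools such as awvs, nmap and w3af are not included in the collection.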
Stars: ✭ 357 (+485.25%)
Secbox: 🖤 A navigation directory of network security and penetration testing tools
Stars: ✭ 222 (+263.93%)
Owasp Java Encoder: The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Stars: ✭ 343 (+462.3%)
Hackvault: A container repository for my public web hacks!
Stars: ✭ 1,364 (+2136.07%)
Awesomexss: Awesome XSS stuff
Stars: ✭ 3,664 (+5906.56%)
laravel-xss-filter: Filter user input for XSS but don't touch other html
Stars: ✭ 38 (-37.7%)
Bxss: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+442.62%)
Findom Xss: A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+408.2%)
Angularjs Csti Scanner: Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Stars: ✭ 214 (+250.82%)
Javacodeaudit: Getting started with java code auditing. A small project for getting started with code auditing.
Stars: ✭ 289 (+373.77%)
Xless: The Serverless Blind XSS App
Stars: ✭ 191 (+213.11%)
Ezxss: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+1575.41%)
litewaf: Lightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (-47.54%)
Sqlinator: Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS
Stars: ✭ 70 (+14.75%)
XSS-Cheatsheet: XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
Stars: ✭ 26 (-57.38%)
Xwaf: xWAF 3.0 - Free Web Application Firewall, Open-Source.
Stars: ✭ 48 (-21.31%)
wasec: Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Stars: ✭ 74 (+21.31%)
Wordlist404: Small but effective wordlist for brute-forcing and discovering hidden things.
Stars: ✭ 101 (+65.57%)
Webrtcxss: Using XSS to intrude into an intranet (Use XSS automation Invade intranet)
Stars: ✭ 190 (+211.48%)
Express Security: nodejs + express security and performance boilerplate.
Stars: ✭ 37 (-39.34%)
Reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+1496.72%)
security-cheat-sheet: Minimalist cheat sheet for developers to write secure code
Stars: ✭ 47 (-22.95%)
Tiny Xss Payloads: A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+1498.36%)
SuperXSS: Make XSS Great Again
Stars: ✭ 57 (-6.56%)
cd: CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (-45.9%)
Javasecurity: Java web and command line applications demonstrating various security topics
Stars: ✭ 182 (+198.36%)