158 Open source projects that are alternatives of or similar to Owasp Xenotix Xss Exploit Framework

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

utility to sanitize hast nodes

Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

rewrite constructor arguments, call DOMPurify, profit

A helpful Java Deserialization exploit framework based on ysoserial

Markdown to HTML using marked and DOMPurify. Safe by default.

lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台，其中的可配置的SaaS功能尤其闪耀， 具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块，支持多业务系统并行开发， 支持多服务并行开发，可以作为后端服务的开发脚手架。代码简洁，注释齐全，架构清晰，非常适合学习和企业作为基础框架使用。

Simple and lightweight library that helps to validate SVG files in security manners.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Lightweight In-App Web Application Firewall for PHP

In progress rough solutions to bWAPP / bee-box

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS

WEB SERVICE SECURITY ASSESSMENT TOOL

XSS in pastebin.com and reddit.com via unsanitized markdown output

Go Web Application Penetration Test

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

Proactively protect your Node.js web services

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

Web Application Security Scanner Framework

Safe replacement for the v-html directive

实时上线的 XSS 盲打平台

Minimalist cheat sheet for developpers to write secure code

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

List of every possible vulnerabilities in computer security.

Toolset for detecting reflected xss in websites

Web-Security-Learning

No description or website provided.

The popular NoScript Security Suite browser extension.

Inclusive Angular API for DOMPurify

An interactive multi-user web JS shell

异步漏洞利用框架

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

Very simple script(s) to hasten binary exploit creation

A fast DOM based XSS vulnerability scanner with simplicity.

Powerful dork searcher and vulnerability scanner for windows platform

扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。

A Ruby micro-framework for writing and running exploits

Getting started with java code auditing 代码审计入门的小项目

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

An implementation of PHP's strip_tags in Typescript.

A Deliberately Insecure Web Application

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Reinforced Mitigation Security Filter

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

XSS Payload without Anything.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

A few SQL and XSS attack tools

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices.

A web application for generating custom XSS payloads

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

xss漏洞模糊测试payload的最佳集合 2020版

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

Awesome XSS stuff

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities