940 Open source projects that are alternatives of or similar to PastebinMarkdownXSS

A big list of Android Hackerone disclosed reports and other resources.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Misc. Public Reports of Penetration Testing and Security Audits.

Powerful dork searcher and vulnerability scanner for windows platform

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Powerfull XSS Scanning and Parameter analysis tool&gem

Hacking tools

A tool to check a bunch of URLs that contain reflecting params.

Audit tool to find common vulnerabilities in PHP source code

A Deliberately Insecure Web Application

A few SQL and XSS attack tools

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

Top disclosed reports from HackerOne

Go Web Application Penetration Test

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Vulnerability assessment and penetration testing automation and reporting platform for teams.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Extraction of iMessage Data via XSS

all manner of wordlists

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Toolset for detecting reflected xss in websites

Turn your VPS into an attack box

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

No description or website provided.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

A fast DOM based XSS vulnerability scanner with simplicity.

🔪Browser logic vulnerabilities ☠️

Awesome Writeups and POCs

Little Bug Bounty & Hacking Tools⚔️

Astra is a tool to find URLs and secrets inside a webpage/files

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Cross-site scripting labs for web application security enthusiasts

Automating XSS using Bash

Tutorials and Things to Do while Hunting Vulnerability.

sub domain wild card filtering tool

A collection of some of my scripts

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Pentest: Subdomains enumeration tool for penetration testers.

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Related subdomains finder

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

goverview - Get an overview of the list of URLs

Information Security Library

XSS Payload without Anything.

Penetration tests guide based on OWASP including test cases, resources and examples.

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

Source code for Hacker101.com - a free online web and mobile security class.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

This document proposes a way of standardising the structure, language, and grammar used in security policies.