132 Open source projects that are alternatives of or similar to persistent-clientside-xss

👨‍🏫 Mike's Web Security Course

Source code for Hacker101.com - a free online web and mobile security class.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

🖤 网络安全与渗透测试工具导航

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

In progress rough solutions to bWAPP / bee-box

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Simple and lightweight library that helps to validate SVG files in security manners.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Git All the Payloads! A collection of web attack payloads.

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Minimalist cheat sheet for developpers to write secure code

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

利用XSS入侵内网(Use XSS automation Invade intranet)

Make XSS Great Again

XSS'OR - Hack with JavaScript.

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Prevents XSS by figuring out how to escape untrusted values in templates

Cross-site scripting labs for web application security enthusiasts

Safe replacement for the v-html directive

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Extraction of iMessage Data via XSS

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Collection of quality safety articles. Awesome articles.

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

A Deliberately Insecure Web Application

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

A list of useful payloads for Web Application Security and Pentest/CTF

Markdown to HTML using marked and DOMPurify. Safe by default.

The Serverless Blind XSS App

Toolset for detecting reflected xss in websites

Java web and command line applications demonstrating various security topics

Reinforced Mitigation Security Filter

JSshell - JavaScript reverse/remote shell

Pretty vulnerable flask app..

WAScan - Web Application Scanner

XSS in pastebin.com and reddit.com via unsanitized markdown output

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Filter user input for XSS but don't touch other html

Audit tool to find common vulnerabilities in PHP source code

HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

Hooks in to interesting functions and helps reverse the web app faster.

Small but effective wordlist for brute-forcing and discovering hidden things.

Automating XSS using Bash

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

A tool to check a bunch of URLs that contain reflecting params.

Proof of Concept code for CVE-2015-0345 (APSB15-07)

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

XSS Payload without Anything.

An XSS reverse shell framework

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Powerful dork searcher and vulnerability scanner for windows platform

utility to sanitize hast nodes

rewrite constructor arguments, call DOMPurify, profit

Cure53 Browser Security White Paper