133 Open source projects that are alternatives of or similar to Python Xss Filter

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

xss漏洞模糊测试payload的最佳集合 2020版

Cleans HTML to avoid XSS attacks

Powerfull XSS Scanning and Parameter analysis tool&gem

lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台，其中的可配置的SaaS功能尤其闪耀， 具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块，支持多业务系统并行开发， 支持多服务并行开发，可以作为后端服务的开发脚手架。代码简洁，注释齐全，架构清晰，非常适合学习和企业作为基础框架使用。

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

bug bounty hunters starter notes

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Web-Security-Learning

nodejs + express security and performance boilerplate.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Most advanced XSS scanner.

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

Collection of quality safety articles. Awesome articles.

Proactively protect your Node.js web services

Advanced dork Search & Mass Exploit Scanner

WEB SERVICE SECURITY ASSESSMENT TOOL

pentest framework

实时上线的 XSS 盲打平台

A list of resources for those interested in getting started in bug bounties

Perform advanced MiTM attacks on websites with ease 💉

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A big list of Android Hackerone disclosed reports and other resources.

Hacking tools

🔪Browser logic vulnerabilities ☠️

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

XssPayload List . Usage:

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

Browser's XSS Filter Bypass Cheat Sheet

Top disclosed reports from HackerOne

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

An implementation of PHP's strip_tags in Typescript.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

Small tool to package javascript into a valid image file.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

The popular NoScript Security Suite browser extension.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。

A container repository for my public web hacks!

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

Awesome XSS stuff

xWAF 3.0 - Free Web Application Firewall, Open-Source.

List of advanced XSS payloads

A tool to check a bunch of URLs that contain reflecting params.

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

A jQuery augmented PHP library for creating secure HTML forms, and validating them easily

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.