ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+746.96%)
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (+132.17%)
SQL-XSSA few SQL and XSS attack tools
Stars: ✭ 29 (-74.78%)
xss-chefA web application for generating custom XSS payloads
Stars: ✭ 70 (-39.13%)
Uxss Db🔪Browser logic vulnerabilities ☠️
Stars: ✭ 565 (+391.3%)
vulnerabilitiesList of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-87.83%)
Tiny Xss PayloadsA collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+747.83%)
ResourcesNo description or website provided.
Stars: ✭ 38 (-66.96%)
ng-dompurifyInclusive Angular API for DOMPurify
Stars: ✭ 65 (-43.48%)
XsscopeXSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
Stars: ✭ 103 (-10.43%)
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-26.09%)
Csp BuilderBuild Content-Security-Policy headers from a JSON file (or build them programmatically)
Stars: ✭ 496 (+331.3%)
APSoft-Web-Scanner-v2Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (-16.52%)
FilterbypassBrowser's XSS Filter Bypass Cheat Sheet
Stars: ✭ 884 (+668.7%)
Foxss-XSS-Penetration-Testing-ToolFoxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.
Stars: ✭ 35 (-69.57%)
SourcecodesnifferThe Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Stars: ✭ 87 (-24.35%)
ngx http html sanitize moduleIt's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property
Stars: ✭ 14 (-87.83%)
Owasp Xenotix Xss Exploit FrameworkOWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
Stars: ✭ 424 (+268.7%)
safe-svgSimple and lightweight library that helps to validate SVG files in security manners.
Stars: ✭ 25 (-78.26%)
DompurifyDOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Stars: ✭ 8,177 (+7010.43%)
StriptagsAn implementation of PHP's strip_tags in Typescript.
Stars: ✭ 409 (+255.65%)
sanitizer-polyfillrewrite constructor arguments, call DOMPurify, profit
Stars: ✭ 46 (-60%)
ShurikenCross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (-0.87%)
security-cheat-sheetMinimalist cheat sheet for developpers to write secure code
Stars: ✭ 47 (-59.13%)
Anti Xss㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
Stars: ✭ 403 (+250.43%)
solutions-bwappIn progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+37.39%)
ImagejsSmall tool to package javascript into a valid image file.
Stars: ✭ 828 (+620%)
SuperXSSMake XSS Great Again
Stars: ✭ 57 (-50.43%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+238.26%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+155.65%)
SqlinatorAutomatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS
Stars: ✭ 70 (-39.13%)
NoscriptThe popular NoScript Security Suite browser extension.
Stars: ✭ 366 (+218.26%)
cdCloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (-71.3%)
Medusa🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (+592.17%)
cve-2016-1764Extraction of iMessage Data via XSS
Stars: ✭ 52 (-54.78%)
Scaner扫描器是来自GitHub平台的开源扫描器的集合,包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具,如:awvs、nmap,w3af将不包含在集合范围内。
Stars: ✭ 357 (+210.43%)
HackvaultA container repository for my public web hacks!
Stars: ✭ 1,364 (+1086.09%)
PayloadsGit All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+2388.7%)
Owasp Java EncoderThe OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Stars: ✭ 343 (+198.26%)
Secbox🖤 网络安全与渗透测试工具导航
Stars: ✭ 222 (+93.04%)
JanusecJanusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (+570.43%)
Angularjs Csti ScannerAutomated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Stars: ✭ 214 (+86.09%)
AwesomexssAwesome XSS stuff
Stars: ✭ 3,664 (+3086.09%)
XwafxWAF 3.0 - Free Web Application Firewall, Open-Source.
Stars: ✭ 48 (-58.26%)
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+187.83%)
GxssA tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (+0%)
Parsevip解析VIP资源,解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址
Stars: ✭ 105 (-8.7%)
Zebra formA jQuery augmented PHP library for creating secure HTML forms, and validating them easily
Stars: ✭ 95 (-17.39%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+788.7%)
Latte☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.
Stars: ✭ 616 (+435.65%)
GowaptGo Web Application Penetration Test
Stars: ✭ 300 (+160.87%)