663 Open source projects that are alternatives of or similar to SQL-XSS

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

CLI to integrate continuous fuzzing with Fuzzit

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Penetration tests guide based on OWASP including test cases, resources and examples.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🎯 Command Injection Payload List

A container repository for my public web hacks!

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Source code for Hacker101.com - a free online web and mobile security class.

Audit tool to find common vulnerabilities in PHP source code

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

Awesome XSS stuff

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Extraction of iMessage Data via XSS

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Android application fuzzing framework with fuzzers and crash monitor.

SQL Injection Payload List

🔪Browser logic vulnerabilities ☠️

Hacking tools

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Git All the Payloads! A collection of web attack payloads.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

My fuzzing corpus

Go Web Application Penetration Test

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

A list of useful payloads for Web Application Security and Pentest/CTF

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Powerful dork searcher and vulnerability scanner for windows platform

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

XSS in pastebin.com and reddit.com via unsanitized markdown output

Real world and CTFs exploiting web/binary POCs.

Tough Fuzzer is an obstacle course for go-fuzz composed of a series of small code samples which encapsulate the most common obstacles to code-coverage the fuzzer will encounter. In each case, the obstacle is insurmountable in a reasonable period of time using random inputs or even coverage-guided mutation.

No description or website provided.

Python based tool for testing whether your API conforms to its Swagger schema

Get actually nice HTML coverage overview on libfuzzer runs

Corpus of crypto formats

Fuzzing tool written in Golang. Insane monkey not included.

Log4j Vulnerability Scanner for Windows

link is a command and control framework written in rust

source code audit tool

Compress long exception traces down to short signatures

Collection of LLVM passes and triage tools for use with the KRF fuzzer

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf binary, script, even appimage) and compress it, protect it from tampering and intrusion.

A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.

A web application for generating custom XSS payloads

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Python bindings for calling radamsa mutators

ClusterFuzzLite - Simple continuous fuzzing that runs in CI.

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

go-sqlancer

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Research papers on ML for security