146 Open source projects that are alternatives of or similar to SuperXSS

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

A web application for generating custom XSS payloads

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

Automating XSS using Bash

A list of useful payloads for Web Application Security and Pentest/CTF

An XSS reverse shell framework

A jQuery augmented PHP library for creating secure HTML forms, and validating them easily

Java web and command line applications demonstrating various security topics

bug bounty hunters starter notes

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Hooks in to interesting functions and helps reverse the web app faster.

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

A tool to check a bunch of URLs that contain reflecting params.

Proof of Concept code for CVE-2015-0345 (APSB15-07)

Collection of quality safety articles. Awesome articles.

The Serverless Blind XSS App

Most advanced XSS scanner.

docker-compose部署LNMP环境 Nginx/Openresty、MySQL（5.7、8.0、8.1）、PHP7.4（8.0、5.6）、Redis5.0、PHPMyAdmin、Xdebug、RabbitMQ、Nacos

pentest framework

JSshell - JavaScript reverse/remote shell

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

nodejs + express security and performance boilerplate.

WAScan - Web Application Scanner

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

🖤 网络安全与渗透测试工具导航

Cross-site scripting labs for web application security enthusiasts

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

基于GatewayWorker+Vue所写的聊天室

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

👨‍🏫 Mike's Web Security Course

A container repository for my public web hacks!

Extraction of iMessage Data via XSS

Hacking tools

利用XSS入侵内网(Use XSS automation Invade intranet)

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

xWAF 3.0 - Free Web Application Firewall, Open-Source.

Cure53 Browser Security White Paper

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

XSS'OR - Hack with JavaScript.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Prevents XSS by figuring out how to escape untrusted values in templates

Browser's XSS Filter Bypass Cheat Sheet

Source code for Hacker101.com - a free online web and mobile security class.

Git All the Payloads! A collection of web attack payloads.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Cleans HTML to avoid XSS attacks

Small tool to package javascript into a valid image file.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Pretty vulnerable flask app..

Filter user input for XSS but don't touch other html

Small but effective wordlist for brute-forcing and discovering hidden things.