191 Open source projects that are alternatives of or similar to Veneno

A container repository for my public web hacks!

A list of resources for those interested in getting started in bug bounties

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Source code for Hacker101.com - a free online web and mobile security class.

A Deliberately Insecure Web Application

👨‍🏫 Mike's Web Security Course

Human and machine readable web vulnerability testing format

XSS'OR - Hack with JavaScript.

Collection of quality safety articles. Awesome articles.

Hacking tools

Java web and command line applications demonstrating various security topics

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

JSshell - JavaScript reverse/remote shell

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

利用XSS入侵内网(Use XSS automation Invade intranet)

A curated list of various bug bounty tools

A jQuery augmented PHP library for creating secure HTML forms, and validating them easily

Most advanced XSS scanner.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

bug bounty hunters starter notes

Audit tool to find common vulnerabilities in PHP source code

ASP.NET View State Decoder

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

A guided mutation-based fuzzer for ML-based Web Application Firewalls

Automating XSS using Bash

Python library and CLI for the Bug Bounty Recon API

A tool to check a bunch of URLs that contain reflecting params.

The Serverless Blind XSS App

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

A list of useful payloads for Web Application Security and Pentest/CTF

WAScan - Web Application Scanner

Runs the default Google Lighthouse tests with additional security tests

xWAF 3.0 - Free Web Application Firewall, Open-Source.

HTTPS Frontend Hijack

CS 253 Web Security course at Stanford University

Awesome Node.js Security resources

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

HTTP Cache Poisoning Demo

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

A Router WiFi key recovery/cracking tool with a twist.

Awesome Object Capabilities and Capability Security

pentest framework

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

Security Testing Scripts for JWT

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Hooks in to interesting functions and helps reverse the web app faster.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

🖤 网络安全与渗透测试工具导航

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Open IP cameras in IPv4

nodejs + express security and performance boilerplate.