142 Open source projects that are alternatives of or similar to Web Security Learning

Lightweight In-App Web Application Firewall for PHP

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS

In progress rough solutions to bWAPP / bee-box

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

No description or website provided.

rewrite constructor arguments, call DOMPurify, profit

Bypass WAF SQL Injection SQLMAP

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

A Deliberately Insecure Web Application

List of every possible vulnerabilities in computer security.

Reinforced Mitigation Security Filter

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

XSS Payload without Anything.

Inclusive Angular API for DOMPurify

Minimalist cheat sheet for developpers to write secure code

Getting started with java code auditing 代码审计入门的小项目

Make XSS Great Again

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Prevents XSS by figuring out how to escape untrusted values in templates

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Extraction of iMessage Data via XSS

Markdown to HTML using marked and DOMPurify. Safe by default.

Cure53 Browser Security White Paper

utility to sanitize hast nodes

SQL Injection Payload List

Cheatsheet to exploit and learn SQL Injection.

Web Application Security Scanner Framework

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

Simple and lightweight library that helps to validate SVG files in security manners.

Go Web Application Penetration Test

Safe replacement for the v-html directive

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

SQL注入扫描器

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

An interactive multi-user web JS shell

Toolset for detecting reflected xss in websites

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Pretty vulnerable flask app..

A few SQL and XSS attack tools

Filter user input for XSS but don't touch other html

XSS in pastebin.com and reddit.com via unsanitized markdown output

Small but effective wordlist for brute-forcing and discovering hidden things.

Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability

Proof of Concept code for CVE-2015-0345 (APSB15-07)

Powerful dork searcher and vulnerability scanner for windows platform

An XSS reverse shell framework

A web application for generating custom XSS payloads

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A fast DOM based XSS vulnerability scanner with simplicity.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities