349 Open source projects that are alternatives of or similar to XSS-Cheatsheet

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Audit tool to find common vulnerabilities in PHP source code

A few SQL and XSS attack tools

XSS in pastebin.com and reddit.com via unsanitized markdown output

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Extraction of iMessage Data via XSS

Source code for Hacker101.com - a free online web and mobile security class.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Go Web Application Penetration Test

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Powerful dork searcher and vulnerability scanner for windows platform

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

🔪Browser logic vulnerabilities ☠️

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

XSS Payload without Anything.

Advanced Web Browser Fingerprinting

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

Python SDK to access the vulnerability database

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS

A Deliberately Insecure Web Application

My exploitDB.

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Markdown to HTML using marked and DOMPurify. Safe by default.

A web application for generating custom XSS payloads

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

Inclusive Angular API for DOMPurify

Deliberately vulnerable scripts for Web Security training

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

utility to sanitize hast nodes

Misc. Public Reports of Penetration Testing and Security Audits.

SmartBugs: A Framework to Analyze Solidity Smart Contracts

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

IoT固件漏洞挖掘工具

👨‍💻 A work-in-progress web services mass scanner written in Rust

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

An implementation of the waithax / slowhax 3DS Kernel11 exploit.

Real world and CTFs exploiting web/binary POCs.

SQL Injection Payload List

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

Reinforced Mitigation Security Filter

List of every possible vulnerabilities in computer security.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

Understanding Linux Kernel Vulnerability

漏洞研究

Log4j Vulnerability Scanner for Windows

Lightweight In-App Web Application Firewall for PHP

No description or website provided.