557 Open source projects that are alternatives of or similar to Xss Payload List

🎯 Command Injection Payload List

ALL IN ONE Hacking Tool For Hackers

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

A big list of Android Hackerone disclosed reports and other resources.

All about bug bounty (bypasses, payloads, and etc)

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Hide your payload into .jpg file

bug bounty hunters starter notes

🔠 Tool for generation samples based on OpenAPI(fka Swagger) payload/response schema

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

Fast and lightweight yet another UEFI implementation

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Undetectable Windows Payload Generation

Subdomain Takeover tool written in Go

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

ARCANUS is a customized payload generator/handler.

DNS-Discovery is a multithreaded subdomain bruteforcer.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

A tool to test security of json web token

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

AutoIt HackTool, Shortcuts .lnk Payloads Generator As LNK-KISSER.

Find exploits in local and online databases instantly

Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Python Remote Administration Tool (RAT)

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

Hooks in to interesting functions and helps reverse the web app faster.

Collection of Facebook Bug Bounty Writeups

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Extract API keys from file or url using by magic of python and regex.

Web Application recon automation

RFD Checker - security CLI tool to test Reflected File Download issues

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Translator from USB-Rubber-Ducky payloads to a Digispark code.

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

The Swiss Army knife for automated Web Application Testing

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

▲ Web services for JavaScript, Angular.js, React.js, Vue.js, Meteor.js, Node.js, and other JavaScript-based websites, web apps, single page applications (SPA), and progressive web applications (PWA). Our services: Pre-rendering, Monitoring, Web Analytics, WebSec, and Web-CRON

checksum-reproducible tar archives (utility/library)

Metasploit Cheat Sheet 💣

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

Go-deliver is a payload delivery tool coded in Go.

pentest framework

Exploit Discord's cache system to remote upload payloads on Discord users machines

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

xWAF 3.0 - Free Web Application Firewall, Open-Source.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

A fast http and https prober, to check which URLs are alive

This challenge is Inon Shkedy's 31 days API Security Tips.

Urls de-duplication tool for better recon.