Xss Payload Listπ― Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: β 2,617 (+3436.49%)
Tiny Xss PayloadsA collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: β 975 (+1217.57%)
XspearPowerfull XSS Scanning and Parameter analysis tool&gem
Stars: β 583 (+687.84%)
AllaboutbugbountyAll about bug bounty (bypasses, payloads, and etc)
Stars: β 758 (+924.32%)
Bugbounty CheatsheetA list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: β 3,644 (+4824.32%)
XSS-CheatsheetXSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
Stars: β 26 (-64.86%)
PayloadsPayload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: β 421 (+468.92%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: β 310 (+318.92%)
Dalfoxππ¦ DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: β 791 (+968.92%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: β 887 (+1098.65%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: β 1,022 (+1281.08%)
PinaakA vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: β 69 (-6.76%)
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: β 85 (+14.86%)
PastebinMarkdownXSSXSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: β 84 (+13.51%)
0l4bsCross-site scripting labs for web application security enthusiasts
Stars: β 119 (+60.81%)
Ssti Payloadsπ― Server Side Template Injection Payloads
Stars: β 150 (+102.7%)
xssfinderToolset for detecting reflected xss in websites
Stars: β 105 (+41.89%)
ResourcesNo description or website provided.
Stars: β 38 (-48.65%)
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: β 331 (+347.3%)
GxssA tool to check a bunch of URLs that contain reflecting params.
Stars: β 115 (+55.41%)
QuickxssAutomating XSS using Bash
Stars: β 113 (+52.7%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: β 294 (+297.3%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: β 478 (+545.95%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: β 32,909 (+44371.62%)
HackvaultA container repository for my public web hacks!
Stars: β 1,364 (+1743.24%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: β 31 (-58.11%)
IntruderpayloadsA collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: β 2,779 (+3655.41%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: β 974 (+1216.22%)
Xss LoaderXss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
Stars: β 215 (+190.54%)
PayloadsGit All the Payloads! A collection of web attack payloads.
Stars: β 2,862 (+3767.57%)
BurpSQLTruncSannerMessy BurpSuite plugin for SQL Truncation vulnerabilities.
Stars: β 53 (-28.38%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: β 58 (-21.62%)
hackableA python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
Stars: β 61 (-17.57%)
goverviewgoverview - Get an overview of the list of URLs
Stars: β 93 (+25.68%)
HostPanicFind host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning
Stars: β 23 (-68.92%)
VPS-Bug-Bounty-ToolsScript that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: β 44 (-40.54%)
Jira-LensFast and customizable vulnerability scanner For JIRA written in Python
Stars: β 185 (+150%)
request smugglerHttp request smuggling vulnerability scanner
Stars: β 203 (+174.32%)
security-cheat-sheetMinimalist cheat sheet for developpers to write secure code
Stars: β 47 (-36.49%)
EmissarySend notifications on different channels such as Slack, Telegram, Discord etc.
Stars: β 33 (-55.41%)
shaniaScan secrets from Continuous Integration Build Logs
Stars: β 54 (-27.03%)
allsafeIntentionally vulnerable Android application.
Stars: β 135 (+82.43%)
Awesome-HTTPRequestSmugglingA curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! π»
Stars: β 97 (+31.08%)
xss-http-injectorXSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Stars: β 22 (-70.27%)
urldedupePass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: β 208 (+181.08%)
ICUAn Extended, Modulair, Host Discovery Framework
Stars: β 40 (-45.95%)
rejigTurn your VPS into an attack box
Stars: β 33 (-55.41%)
ShadowCloneUnleash the power of cloud
Stars: β 224 (+202.7%)
solutions-bwappIn progress rough solutions to bWAPP / bee-box
Stars: β 158 (+113.51%)
BugBountyHuntingScriptsI built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.
Stars: β 160 (+116.22%)
WhoEnumMass querying whois records
Stars: β 24 (-67.57%)
flydnsRelated subdomains finder
Stars: β 29 (-60.81%)