133 Open source projects that are alternatives of or similar to Xss Payloads

An implementation of PHP's strip_tags in Typescript.

In progress rough solutions to bWAPP / bee-box

Getting started with java code auditing 代码审计入门的小项目

Make XSS Great Again

XssPayload List . Usage:

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Prevents XSS by figuring out how to escape untrusted values in templates

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Extraction of iMessage Data via XSS

A big list of Android Hackerone disclosed reports and other resources.

Cure53 Browser Security White Paper

A few SQL and XSS attack tools

Git All the Payloads! A collection of web attack payloads.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

🖤 网络安全与渗透测试工具导航

A web application for generating custom XSS payloads

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

👨‍🏫 Mike's Web Security Course

List of every possible vulnerabilities in computer security.

利用XSS入侵内网(Use XSS automation Invade intranet)

The popular NoScript Security Suite browser extension.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

No description or website provided.

XSS'OR - Hack with JavaScript.

Perform advanced MiTM attacks on websites with ease 💉

Source code for Hacker101.com - a free online web and mobile security class.

Inclusive Angular API for DOMPurify

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Cross-site scripting labs for web application security enthusiasts

Top disclosed reports from HackerOne

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

Powerful dork searcher and vulnerability scanner for windows platform

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

A container repository for my public web hacks!

🔪Browser logic vulnerabilities ☠️

Hacking tools

utility to sanitize hast nodes

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Awesome XSS stuff

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

xWAF 3.0 - Free Web Application Firewall, Open-Source.

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

Simple and lightweight library that helps to validate SVG files in security manners.

☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

An interactive multi-user web JS shell

XSS Payload without Anything.