502 Open source projects that are alternatives of or similar to xssfinder

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Top disclosed reports from HackerOne

No description or website provided.

Cross-site scripting labs for web application security enthusiasts

A fast DOM based XSS vulnerability scanner with simplicity.

Web Application Security Scanner Framework

XSS in pastebin.com and reddit.com via unsanitized markdown output

A tool to check a bunch of URLs that contain reflecting params.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Powerfull XSS Scanning and Parameter analysis tool&gem

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

XSS Payload without Anything.

A big list of Android Hackerone disclosed reports and other resources.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Automating XSS using Bash

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Hacking tools

Git All the Payloads! A collection of web attack payloads.

Small but effective wordlist for brute-forcing and discovering hidden things.

🖤 网络安全与渗透测试工具导航

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

This Python script can be used to bypass IP source restrictions using HTTP headers.

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Nuclei Templates to reproduce Cracking the lens's Research

A list of useful payloads for Web Application Security and Pentest/CTF

👨‍🏫 Mike's Web Security Course

Gosint is a distributed asset information collection and vulnerability scanning platform

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

The Serverless Blind XSS App

利用XSS入侵内网(Use XSS automation Invade intranet)

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Java web and command line applications demonstrating various security topics

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Pretty vulnerable flask app..

Credentials Checking Framework

JSshell - JavaScript reverse/remote shell

XSS'OR - Hack with JavaScript.

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Proof of Concept code for CVE-2015-0345 (APSB15-07)

WAScan - Web Application Scanner

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Source code for Hacker101.com - a free online web and mobile security class.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

all manner of wordlists

Audit tool to find common vulnerabilities in PHP source code

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Filter user input for XSS but don't touch other html