Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+2392.38%)
gradejsGradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Stars: ✭ 362 (+244.76%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+744.76%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+180%)
ResourcesNo description or website provided.
Stars: ✭ 38 (-63.81%)
0l4bsCross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (+13.33%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+195.24%)
ArachniWeb Application Security Scanner Framework
Stars: ✭ 2,942 (+2701.9%)
PastebinMarkdownXSSXSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-20%)
GxssA tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (+9.52%)
Tiny Xss PayloadsA collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+828.57%)
XspearPowerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+455.24%)
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (+269.52%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+873.33%)
avainA Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-46.67%)
DompurifyDOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Stars: ✭ 8,177 (+7687.62%)
BurpbountyBurp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (+877.14%)
Qsfuzzqsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (+91.43%)
QuickxssAutomating XSS using Bash
Stars: ✭ 113 (+7.62%)
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-19.05%)
Dalfox🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+653.33%)
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+215.24%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+827.62%)
PayloadsGit All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+2625.71%)
Wordlist404Small but effective wordlist for brute-forcing and discovering hidden things.
Stars: ✭ 101 (-3.81%)
Veneno Stars: ✭ 230 (+119.05%)
Secbox🖤 网络安全与渗透测试工具导航
Stars: ✭ 222 (+111.43%)
fleexFleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
Stars: ✭ 181 (+72.38%)
ipsourcebypassThis Python script can be used to bypass IP source restrictions using HTTP headers.
Stars: ✭ 326 (+210.48%)
Xss LoaderXss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
Stars: ✭ 215 (+104.76%)
Angularjs Csti ScannerAutomated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Stars: ✭ 214 (+103.81%)
Blind-SSRFNuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (+5.71%)
BerserkerA list of useful payloads for Web Application Security and Pentest/CTF
Stars: ✭ 212 (+101.9%)
gosintGosint is a distributed asset information collection and vulnerability scanning platform
Stars: ✭ 344 (+227.62%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+1397.14%)
cdCloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (-68.57%)
XlessThe Serverless Blind XSS App
Stars: ✭ 191 (+81.9%)
Webrtcxss利用XSS入侵内网(Use XSS automation Invade intranet)
Stars: ✭ 190 (+80.95%)
h1-searchTool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-44.76%)
JavasecurityJava web and command line applications demonstrating various security topics
Stars: ✭ 182 (+73.33%)
GodnslogAn exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Stars: ✭ 172 (+63.81%)
flask-vulnPretty vulnerable flask app..
Stars: ✭ 23 (-78.1%)
credcheckCredentials Checking Framework
Stars: ✭ 50 (-52.38%)
JsshellJSshell - JavaScript reverse/remote shell
Stars: ✭ 167 (+59.05%)
Xssor2XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+1775.24%)
SourceWolfAmazingly fast response crawler to find juicy stuff in the source code! 😎🔥
Stars: ✭ 132 (+25.71%)
WascanWAScan - Web Application Scanner
Stars: ✭ 1,895 (+1704.76%)
crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-8.57%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+11562.86%)
Bluemondaybluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Stars: ✭ 2,135 (+1933.33%)
fuzzmostall manner of wordlists
Stars: ✭ 23 (-78.1%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+39.05%)
XssmapXSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
Stars: ✭ 134 (+27.62%)
laravel-xss-filterFilter user input for XSS but don't touch other html
Stars: ✭ 38 (-63.81%)