502 Open source projects that are alternatives of or similar to xssfinder

Web path scanner

Awesome Writeups and POCs

Good resources about web security that I have read.

👨‍🏫 Mike's Web Security Course

A python tool to check subdomain takeover vulnerability

Community curated list of public bug bounty and responsible disclosure programs.

Flutter Reverse Engineering Framework

Small tool to package javascript into a valid image file.

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

CloudFlare Checker written in Go

Gosint is a distributed asset information collection and vulnerability scanning platform

Open Redirect scanner - (out of date)

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Yet Another PHP Shell - The most complete PHP reverse shell

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

利用XSS入侵内网(Use XSS automation Invade intranet)

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

Rockyou for web fuzzing

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

A passive subdomain finder

Reconness Agents Script

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Pentesting/Bugbounty Dockerfiles.

🎯 RFI/LFI Payload List

List of advanced XSS payloads

A tool for testing subdomain takeover possibilities at a mass scale.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Decode All Bases - Base Scheme Decoder

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Perform advanced MiTM attacks on websites with ease 💉

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Pretty vulnerable flask app..

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Domain availbility checker

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Dump exposed HTTP .git fast

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

XSS'OR - Hack with JavaScript.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Awesome Vulnerable Applications

Static and dynamic Android application security analysis

Pentest: Subdomains enumeration tool for penetration testers.

Make XSS Great Again

Smart contract vulnerability detection using graph neural network (DR-GCN).

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Most advanced XSS scanner.

List of every possible vulnerabilities in computer security.