215 Open source projects that are alternatives of or similar to Xsshell

利用XSS入侵内网(Use XSS automation Invade intranet)

Browser's XSS Filter Bypass Cheat Sheet

An evil RAT (Remote Administration Tool) for macOS / OS X.

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Hooks in to interesting functions and helps reverse the web app faster.

Advanced python HTTP reverse shell made for Hacking Competition purpose. I am not responsible of what you do with this tool.

Java web and command line applications demonstrating various security topics

Small tool to package javascript into a valid image file.

Cross-site scripting labs for web application security enthusiasts

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

generate reverse shell from CLI for linux and Windows.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Automating XSS using Bash

A list of resources for those interested in getting started in bug bounties

[POC] Asynchronous reverse shell using the HTTP protocol.

List of advanced XSS payloads

A tool to check a bunch of URLs that contain reflecting params.

☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.

A backdoor with a multitude of features.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

Powerfull XSS Scanning and Parameter analysis tool&gem

🔨 A multiple reverse shell session/client manager via terminal

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Collection of quality safety articles. Awesome articles.

XssPayload List . Usage:

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

JSshell - JavaScript reverse/remote shell

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Hacking tools

Multiplatform reverse shell generator

poc https reverse shell

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

iOS/macOS/Linux Remote Administration Tool

A framework for Backdoor development!

WAScan - Web Application Scanner

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

xss漏洞模糊测试payload的最佳集合 2020版

🖤 网络安全与渗透测试工具导航

Proactively protect your Node.js web services

bug bounty hunters starter notes

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。

The Serverless Blind XSS App

A simple python reverse shell written just for fun.

Cure53 Browser Security White Paper

Git All the Payloads! A collection of web attack payloads.

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Reverse shell generator written in Python 3.

Python Remote Administration Tool (RAT)

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.