cross-site-scripting

There are 12 repositories under cross-site-scripting topic.

• cure53 / DOMPurify

  DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

  xsssanitizerdomsecurityjavascriptdompurifyprevent-xss-attacksmathmlhtmlsvgcross-site-scripting
  Language:JavaScript 16169

• payloadbox / xss-payload-list

  🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

  bugbountycross-site-scriptingdom-basedpayloadpayloadsreflected-xss-vulnerabilitiesself-xsswebsecuritywebsite-vulnerabilityxssxss-attacksxss-detectionxss-exploitationxss-injectionxss-payloadxss-payloadsxss-pocxss-scannerxss-scannersxss-vulnerability
  7684

• andresriancho / w3af

  w3af: web application attack and audit framework, the open source web vulnerability scanner.

  scannersecurityappseccross-site-scriptingsql-injection
  Language:Python 4813
• toxssin

  t3l3machus / toxssin

  An XSS exploitation command-line interface and payload generator.

  cross-site-scriptingexploitationhackingjavascriptpenetration-testingpentesting-toolspythonweb-penetration-testingxssxss-exploitationxss-vulnerability
  Language:Python 1399

• LewisArdern / bXSS

  bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

  xssbxsssecuritybugbountyblueteamcross-site-scriptinginfosec
  Language:JavaScript 557

• paragonie / csp-builder

  Build Content-Security-Policy headers from a JSON file (or build them programmatically)

  content-security-policycross-site-scriptingcspcsp-buildercsp-headereasy-to-usehttphttp-headerjson-configurationphpsecure-by-defaultsecurityxss
  Language:PHP 542

• rizemon / exploit-writing-for-oswe

  Tips on how to write exploit scripts (faster!)

  awaeawae-preposweoswe-preppythonpython3requestsweb-exploitationcross-site-scriptingsql-injectionsqlixss
  521

• ethicalhackingplayground / bxss

  Blind XSS Scanner is a tool that can be used to scan for blind XSS vulnerabilities in web applications.

  blind-xssbugbountycross-site-scriptingpentesting-tools
  Language:Go 364

• Sharpforce / XSS-Exploitation-Tool

  An XSS Exploitation Tool

  cross-site-scriptingxssxss-attacks
  Language:PHP 322
• Egyscan

  dragonked2 / Egyscan

  Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

  cybersecurityscannervulnerability-scannerscommand-linecross-site-scriptinginjectionpythonrceremotesqlinjectionvulnerabilityvulnerability-detectionxsssql-injection-remote-code-execution-cross-siteremote-code-executionsql-injectioncommand-injectionlfissrfxxe-injection
  Language:Python 300

• Stuub / Helios

  Helios: Automated XSS Testing

  code-executioncross-site-scriptingcvecve-2024cybersecurityoffensive-securityowasppenetration-testingpythonred-teamstuubxss
  Language:Python 155

• Proviesec / xss-payload-list

  xss-payload-list

  bugbountycross-site-scriptingpentestingsecurityxss
  Language:JavaScript 123

• moeinfatehi / xss_vulnerability_challenges

  this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.

  application-securityappsecurityinfosecpenetration-testingpentestingxssxss-attacksxss-detectionxss-exploitationxss-filterxss-vulnerabilitycross-site-scriptinginput-validationowaspowasp-top-10owasp-top-ten
  Language:PHP 117

• Damian89 / xssfinder

  Toolset for detecting reflected xss in websites

  xssitsecuritycross-site-scriptingvulnerability-detectionbugbountypentestingpython3
  Language:Python 114

• dipakpanchal05 / CVE-2022-23808

  phpMyAdmin XSS

  zerodayxssexploitexploitationphpmyadmindatabasecross-site-scriptingvulnerabilitybugbountyredteamredteamingpentestinghackingpocowaspowasp-top-10infosec
  114

• jackaduma / NLP4CyberSecurity

  NLP model and tech for cyber security tasks

  cyber-securitycybersecuritydeep-learningmachine-learningnetwork-securitynlpnlp-deep-learningnlp-machine-learningmalicious-url-detectionpassword-strengthphishing-detectiontext-classificationcross-site-scriptingcross-site-scripting-proofphishing-attackscode-injectioncommand-injectionsql-injectionxss-injection
  Language:Jupyter Notebook 88

• The404Hacking / XsSCan

  XsSCan | Web Application XSS Scanner | Coded By Sir.4m1R [Mr.Hidden]

  the404hackingxssscanxssscanscannersecuritysecurity-scannerxss-vulnerabilitysubdomainhackingpythoncross-site-scripting
  Language:Python 86

• xadhrit / xira

  xss vulnerability scanner and input fuzzing tool.

  pentesting-toolsweb-hackingcross-site-scriptingvulnerability-scannerspython3
  Language:Python 63

• MrPr0fessor / Google-Dorks-for-Cross-site-Scripting-XSS

  Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML content. Widespread due to input validation lapses.

  cross-site-scriptingcybercyber-securityethical-hacking-toolsgoogle-dorkspenetration-testing-toolsvulnerability-assessmentvulnerability-detectionvulnerability-scannersweb-application-securityweb-penetration-testingxssxss-payloadxss-payloadsxss-vulnerabilityfind-xss
  61

• Encryptor-Sec / XSSearch

  XSSearch is a comprehensive reflected XSS tool built on selenium framework in python language. It contains more than 3000 payloads for automating XSS attacks and validating XSS endpoint

  xsscross-site-scriptingreflect-xsspython3selenium-webdriverlinuxcommand-line-toolbugbountyxss-detectionxss-finderxss-payloadsxss-scanner
  Language:Python 60
• ML-based-WAF

  vladan-stojnic / ML-based-WAF

  Simple machine learning based web application firewall (WAF) created in python

  sqlixsspath-traversalsql-injectioncross-site-scriptingcmdicommand-injectionparameter-tamperinghttpmlmachine-learningsvmtf-idfdecision-treeswafweb-application-firewallpythonsklearnscapydash
  Language:Jupyter Notebook 60

• sametsahinnet / jsscm

  JSSCM detects expired domains for Stored XSS exploitation during browsing.

  application-securitybugbountybugbounty-toolchrome-extensioncross-site-scriptinginfosecjavascriptpentestingsecuritysecurity-scannersecurity-toolsvulnerabilityweb-securityxss
  Language:JavaScript 53

• ivan-sincek / xss-catcher

  Simple API for storing all incoming XSS requests and various XSS templates.

  apiblind-xssbug-bountycorscross-origin-resource-sharingcross-site-request-forgerycross-site-scriptingcsrfethical-hackingjavascriptoffensive-securitypenetration-testingphpred-team-engagementsecuritywebweb-penetration-testingxss
  Language:HTML 48

• deep-security / aws-waf

  Deep Security's APIs make it simple to integration with a variety of AWS Services

  aws-wafdeep-securitysql-injectioncross-site-scriptingiplistsecurity-automation
  43

• Ak-wa / XSSRecon

  XSSRecon - Reflected XSS Scanner

  xss-exploitationxss-scannercross-site-scriptingscanner-webpython3linuxkali-linuxkali-scripts
  Language:Python 28

• hexrom / CookieHeist

  PHP Cookie Stealing Scripts for use in XSS

  session-cookiecross-site-scriptingxss-attackssession-hijackingphp
  Language:PHP 28

• J2TEAM / xss-me

  A simple web application to learn about Cross-Site Scripting (XSS)

  xssxss-poccross-site-scriptingsecurity
  Language:PHP 23

• p4p1 / xss_bomb

  A cross site scripting command and control notification server

  xssjavascriptexpoexpressandroidpentesting-toolswebapplicationhackingpenetration-testing-toolshacking-toolscross-site-scriptingburp-collaborator-server
  Language:JavaScript 22

• michaeluno / php-simple-web-scraper

  A PHP application which runs on Heroku and dumps web site outputs including JavaScript generated contents.

  herokuscraperphpphantomjscrowlerproxycross-sitecross-domaincross-domain-requestcross-domain-solutioncross-origincross-origin-resource-sharingweb-scraperheroku-applicationcross-site-scripting
  Language:PHP 21

• humblelad / Awesome-XSS-Payloads

  Exotic and uncommon XSS Vectors to hit the target as quickly as possible.

  xss-vulnerabilitycross-site-scriptingsecurity-testing
  20

• fmereani / Cross-Site-Scripting-XSS

  This project contains datasets for Cross Site Scripting (XSS), SQL, and LDAP injections. The project also contains the Matlab code for creating SVM, K-NN, Random Forest, and Neural Networks classifiers to detect Web applications attacks.

  ml-classifierxssdatasetsxss-payloadsldap-injectionssql-icross-site-scripting
  Language:MATLAB 19

• dayeya / FinalWall

  A Web application firewall to monitor, analyze and block traffic, built with Python

  attacks-threats-vulnerabilitescybersecuritynetworkingpydivertpythoncross-site-scriptingcsrf-protectionfile-inclusionsql-injectionxss
  Language:Python 18

• OSTEsayed / OSTE-Vulnerable-Web-Application

  Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

  cross-site-scriptingcyber-securityos-command-injectionphpsqlsql-injectionvulnerable-web-appweb-securityweb-vulnerabilityxss-vulnerability
  Language:PHP 15
• Ronin

  byt3n33dl3 / Ronin

  🔱 Ronin the Shogun, WebApp parameter analysis and fuzzer for XSS and SSRF.

  injection-attacksxsscrlfssrfcross-site-scriptingcross-site-request-forgeryronin
  Language:C 14

• isira-adithya / xsspecter

  A comprehensive toolkit for ethical security testing of Cross-Site Scripting (XSS) vulnerabilities. Features a CLI tool for automated payload spraying across web targets and a server component for callback handling with persistent storage, analytics dashboard, and multi-channel notifications.

  cross-site-scriptingethical-hacking-toolsweb-securityxss
  Language:CSS 14

• shreyaschavhan / xss

  All About XSS

  cross-site-scriptingxss
  14