There are 9 repositories under the cross-site-scripting topic.
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
🎯 Cross Site Scripting (XSS) Vulnerability Payload List
w3af: web application attack and audit framework, the open source web vulnerability scanner.
An XSS exploitation command-line interface and payload generator.
Build Content-Security-Policy headers from a JSON file (or build them programmatically)
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Tips on how to write exploit scripts (faster!)
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
phpMyAdmin XSS
This repository is a Docker container with some "XSS vulnerability" challenges and bypass examples.
XsSCan | Web Application XSS Scanner | Coded By Sir.4m1R [Mr.Hidden]
NLP model and tech for cyber security tasks
XSSearch is a comprehensive reflected XSS tool built on the Selenium framework in Python. It contains more than 3000 payloads for automating XSS attacks and validating XSS endpoints.
Simple machine learning based web application firewall (WAF) created in Python
Deep Security's APIs make it simple to integrate with a variety of AWS Services
Simple API for storing all incoming XSS requests and various XSS templates.
PHP Cookie Stealing Scripts for use in XSS
Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML content. Widespread due to input validation lapses.
A PHP application which runs on Heroku and dumps web site outputs including JavaScript generated contents.
A web application firewall to monitor, analyze and block traffic, built with Python
Exotic and uncommon XSS Vectors to hit the target as quickly as possible.
A simple script to detect unescaped characters in a web application, e.g. for Cross Site Scripting (XSS) attacks.
It removes all unwanted HTML elements and attributes, no matter how malformed the HTML input you give it. Checks on attribute values. Can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.
Cross Site Scripting Cheat sheet.
🐞 Understand how cross-site scripting occurs, how to detect and exploit XSS vulnerabilities, giving you control of other visitors' browsers.
👻 JavaScript basics for beginners and cybersecurity enthusiasts. Learn the high-level, multi-paradigm language of the web.
Injects a trusted types policy into an HTML page to log all DOM sinks whenever HTML is written into the DOM.
This list contains 7000+ Cross Site Scripting payloads.
This project contains datasets for Cross Site Scripting (XSS), SQL, and LDAP injections. The project also contains the Matlab code for creating SVM, K-NN, Random Forest, and Neural Network classifiers to detect web application attacks.