xss

There are 70 repositories under xss topic.

Hacker0x01 / hacker101
Source code for Hacker101.com - a free online web and mobile security class.
education hacking security hackerone hacker101 xss clickjacking csrf web-security session-fixation unchecked-redirects sql-injection mobile-security vulnerability
Language:SCSS 13617
cure53 / DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
xss sanitizer dom security javascript dompurify prevent-xss-attacks mathml html svg cross-site-scripting
Language:JavaScript 12948
s0md3v / XSStrike
Most advanced XSS scanner.
xss xss-scanner xss-exploit xss-bruteforce xss-python xss-detection xsstrike waf-detection
Language:Python 12755
nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss
10184
xray
chaitin / xray
一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
passive-vulnerability-scanner poc security sqlinjection vulnerability vulnerability-scanner xss
Language:Vue 9720
chaitin / SafeLine
一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.
acl cc firewall http-flood security security-tools sql-injection waf web-application-firewall web-security xss captcha docker modsecurity nginx
Language:C++ 8962
payloadbox / xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
xss xss-payloads xss-vulnerability xss-exploitation xss-detection xss-attacks xss-scanner xss-injection xss-poc xss-scanners website-vulnerability cross-site-scripting reflected-xss-vulnerabilities dom-based self-xss websecurity payloads xss-payload payload bugbounty
5692
dromara / lamp-cloud
lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot 开发的微服务中后台快速开发平台，专注于多租户(SaaS架构)解决方案，亦可作为普通项目（非SaaS架构）的基础开发框架使用，目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离等租户隔离方案。
springcloud springboot eureka zuul spring spring-cloud nacos seata gateway xss hystrix jwt mybatis java admin cloud
Language:Java 5362
s0md3v / AwesomeXSS
Awesome XSS stuff
xss payload xss-payloads payload-list xss-detection xss-cheatsheet
Language:JavaScript 4653
CHYbeta / Web-Security-Learning
Web-Security-Learning
security sqlinjection xss
Language:HTML 4150
Arachni / arachni
Web Application Security Scanner Framework
arachni dom ruby audit detection security-audit analysis modular javascript scanners web-application vulnerability-detection crawler scanner hack hacking penetration-testing xss sql-injection
Language:Ruby 3654
foospidy / payloads
Git All the Payloads! A collection of web attack payloads.
payload payloads xss sqli web-attack-payloads passwords pentest hacking appsec cybersecurity
Language:Shell 3533
dalfox
hahwul / dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
xss security bugbounty bugbounty-tool golang xss-scanner devsecops cicd-pipeline vulnerability xss-detection xss-bruteforce xss-exploit
Language:Go 3331
reddelexc / hackerone-reports
Top disclosed reports from HackerOne
bugbounty csrf hackerone idor rce reports security sql-injection ssrf writeups xss xxe
Language:Python 3251
microcosm-cc / bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
sanitization html security xss go owasp allowlist golang
Language:Go 2992
evilcos / xssor2
XSS'OR - Hack with JavaScript.
probe pentest-tool xss csrf encoding hacking-tool pentest hack
Language:JavaScript 2101
Ascotbe / Medusa
:cat2:Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
poc exp payload medusa cve xss readteam dnslog virus email cobaltstrike metasploit-framework mail
Language:Python 2100
tom0li / collection-document
Collection of quality safety articles. Awesome articles.
dns pentest list security sec hacking src bug-bounty fuzz xss research github waf java hacker redteam bounty-hunters web cloud awesome
1979
0xSobky / HackVault
A container repository for my public web hacks!
payloads web-security pentesting tracking fuzzing regex reconnaissance xss exploit
Language:JavaScript 1880
terjanq / Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
xss javascript html ctf bugbounty payloads
Language:JavaScript 1827
ssl / ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
payload xss blind php test xss-vulnerability xss-exploitation xss-detection xss-attacks xss-injection xss-scanner blind-xss easy-to-use easy bug bugbounty penetration-testing alert redteam redteaming
Language:PHP 1786
mganss / HtmlSanitizer
Cleans HTML to avoid XSS attacks
xss html sanitizer
Language:C# 1491
1N3 / BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
web application scanner osint fuzzer owasp vulnerability python spider passive active sqli xss lfi rfi rce csrf automated scan bugbounty
Language:Python 1461
v3n0m-Scanner / V3n0M-Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
python3 asyncio lfi sqli xss scanner metasploit blackarch cloudflare hacking pentesting d0rk exploit ftp dns vulnerability vulnerability-scanners trawling toxin aiohttp
Language:Python 1421
B3nac / Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
android hackerone android-repo android-security android-resource bugbounty infosec xss steal-files bypass webview insecure-data-storage intercept-broadcasts
1365
AlisamTechnology / ATSCAN
Advanced dork Search & Mass Exploit Scanner
dork server engine scanner xss lfi rfi ports exploitation sqli data vulnerability-scanners system security tools linux portscan shell web-application mass-exploitation-scanner
Language:Perl 1328
m4n3dw0lf / pythem
pentest framework
pentest sniffer brute-force man-in-the-middle scanner xss proxy spoof denial-of-service exploit fuzzer network packet-analyser packet-parsing packet-processing packet-generator phishing security-audit hacking docker
Language:Python 1190
toxssin
t3l3machus / toxssin
An XSS exploitation command-line interface and payload generator.
cross-site-scripting exploitation javascript penetration-testing pentesting-tools python web-penetration-testing xss-exploitation xss-vulnerability hacking xss
Language:Python 1138
XSpear
hahwul / XSpear
🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
xss hacking bugbounty pentest scanner tool gem ruby library scanning-xss selenium bugbountytips webhacking
Language:Ruby 1118
nemesida-waf / waf-bypass
Check your WAF before an attacker does
waf python3 bypass python rce xss waf-bypass-tool api-security-testing lfi nosql-injection path-traversal rfi sqli-injection graphql-injection ssti waf-testing
Language:Python 1115
masatokinugawa / filterbypass
Browser's XSS Filter Bypass Cheat Sheet
pentest xss security cheatsheet
1087
epsylon / xsser
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
xsser pentesting toolkit xss exploiting
Language:Python 1073
latte
nette / latte
☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.
nette nette-framework latte php template-engine xss security content-aware safety security-hole html
Language:PHP 1072
pgaijin66 / XSS-Payloads
This repository holds all the list of advanced XSS payloads that can be used in penetration testing. These payloads can be loaded into XSS scanners as well.
xss xss-payloads advanced-xss
979
jklmnn / imagejs
Small tool to package javascript into a valid image file.
injection xss
Language:C 900
cn-panda / JavaCodeAudit
Getting started with java code auditing 代码审计入门的小项目
vulnerability-analysis ssrf java rce fastjson jackson xss sql code weblogic
Language:JavaScript 844