xss

There are 68 repositories under xss topic.

Hacker0x01 / hacker101
Source code for Hacker101.com - a free online web and mobile security class.
education hacking security hackerone hacker101 xss clickjacking csrf web-security session-fixation unchecked-redirects sql-injection mobile-security vulnerability
Language:SCSS 13596
cure53 / DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
cross-site-scripting dom dompurify html javascript mathml prevent-xss-attacks sanitizer security svg xss
Language:JavaScript 12768
s0md3v / XSStrike
Most advanced XSS scanner.
waf-detection xss xss-bruteforce xss-detection xss-exploit xss-python xss-scanner xsstrike
Language:Python 12674
nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
bug-bounty-hunters hackers xss bug-bounty learn2hack hacking pentest web-security education ssrf bugbounty
10098
xray
chaitin / xray
一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
security vulnerability vulnerability-scanner passive-vulnerability-scanner xss sqlinjection poc
Language:Vue 9652
chaitin / SafeLine
一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.
acl cc firewall http-flood security security-tools sql-injection waf web-application-firewall web-security xss captcha docker modsecurity nginx
Language:C++ 8541
payloadbox / xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
xss xss-payloads xss-vulnerability xss-exploitation xss-detection xss-attacks xss-scanner xss-injection xss-poc xss-scanners website-vulnerability cross-site-scripting reflected-xss-vulnerabilities dom-based self-xss websecurity payloads xss-payload payload bugbounty
5582
dromara / lamp-cloud
lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot 开发的微服务中后台快速开发平台，专注于多租户(SaaS架构)解决方案，亦可作为普通项目（非SaaS架构）的基础开发框架使用，目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离等租户隔离方案。
springcloud springboot eureka zuul spring spring-cloud nacos seata gateway xss hystrix jwt mybatis java admin cloud
Language:Java 5324
s0md3v / AwesomeXSS
Awesome XSS stuff
xss payload xss-payloads payload-list xss-detection xss-cheatsheet
Language:JavaScript 4643
CHYbeta / Web-Security-Learning
Web-Security-Learning
security sqlinjection xss
Language:HTML 4140
Arachni / arachni
Web Application Security Scanner Framework
arachni dom ruby audit detection security-audit analysis modular javascript scanners web-application vulnerability-detection crawler scanner hack hacking penetration-testing xss sql-injection
Language:Ruby 3639
foospidy / payloads
Git All the Payloads! A collection of web attack payloads.
payload payloads xss sqli web-attack-payloads passwords pentest hacking appsec cybersecurity
Language:Shell 3516
dalfox
hahwul / dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
xss security bugbounty bugbounty-tool golang xss-scanner devsecops cicd-pipeline vulnerability xss-detection xss-bruteforce xss-exploit
Language:Go 3266
reddelexc / hackerone-reports
Top disclosed reports from HackerOne
bugbounty csrf hackerone idor rce reports security sql-injection ssrf writeups xss xxe
Language:Python 3183
microcosm-cc / bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
sanitization html security xss go owasp allowlist golang
Language:Go 2973
Ascotbe / Medusa
:cat2:Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
poc exp payload medusa cve xss readteam dnslog virus email cobaltstrike metasploit-framework mail
Language:Python 2097
evilcos / xssor2
XSS'OR - Hack with JavaScript.
probe pentest-tool xss csrf encoding hacking-tool pentest hack
Language:JavaScript 2095
tom0li / collection-document
Collection of quality safety articles. Awesome articles.
dns pentest list security sec hacking src bug-bounty fuzz xss research github waf java hacker redteam bounty-hunters web cloud awesome
1968
0xSobky / HackVault
A container repository for my public web hacks!
exploit fuzzing payloads pentesting reconnaissance regex tracking web-security xss
Language:JavaScript 1879
terjanq / Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
bugbounty ctf html javascript payloads xss
Language:JavaScript 1809
ssl / ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
payload xss blind php test xss-vulnerability xss-exploitation xss-detection xss-attacks xss-injection xss-scanner blind-xss easy-to-use easy bug bugbounty penetration-testing alert redteam redteaming
Language:PHP 1766
mganss / HtmlSanitizer
Cleans HTML to avoid XSS attacks
html sanitizer xss
Language:C# 1478
1N3 / BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
web application scanner osint fuzzer owasp vulnerability python spider passive active sqli xss lfi rfi rce csrf automated scan bugbounty
Language:Python 1454
v3n0m-Scanner / V3n0M-Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
python3 asyncio lfi sqli xss scanner metasploit blackarch cloudflare hacking pentesting d0rk exploit ftp dns vulnerability vulnerability-scanners trawling toxin aiohttp
Language:Python 1414
B3nac / Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
android hackerone android-repo android-security android-resource bugbounty infosec xss steal-files bypass webview insecure-data-storage intercept-broadcasts
1351
AlisamTechnology / ATSCAN
Advanced dork Search & Mass Exploit Scanner
data dork engine exploitation lfi linux mass-exploitation-scanner ports portscan rfi scanner security server shell sqli system tools vulnerability-scanners web-application xss
Language:Perl 1324
m4n3dw0lf / pythem
pentest framework
pentest sniffer brute-force man-in-the-middle scanner xss proxy spoof denial-of-service exploit fuzzer network packet-analyser packet-parsing packet-processing packet-generator phishing security-audit hacking docker
Language:Python 1184
toxssin
t3l3machus / toxssin
An XSS exploitation command-line interface and payload generator.
cross-site-scripting exploitation javascript penetration-testing pentesting-tools python web-penetration-testing xss-exploitation xss-vulnerability hacking xss
Language:Python 1138
XSpear
hahwul / XSpear
🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
xss hacking bugbounty pentest scanner tool gem ruby library scanning-xss selenium bugbountytips webhacking
Language:Ruby 1109
nemesida-waf / waf-bypass
Check your WAF before an attacker does
api-security-testing bypass graphql-injection lfi nosql-injection path-traversal python python3 rce rfi sqli-injection ssti waf waf-bypass-tool waf-testing xss
Language:Python 1086
masatokinugawa / filterbypass
Browser's XSS Filter Bypass Cheat Sheet
cheatsheet pentest security xss
1085
latte
nette / latte
☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.
content-aware html latte nette nette-framework php safety security security-hole template-engine xss
Language:PHP 1061
epsylon / xsser
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
xsser pentesting toolkit xss exploiting
Language:Python 1057
pgaijin66 / XSS-Payloads
This repository holds all the list of advanced XSS payloads that can be used in penetration testing. These payloads can be loaded into XSS scanners as well.
xss xss-payloads advanced-xss
977
jklmnn / imagejs
Small tool to package javascript into a valid image file.
injection xss
Language:C 900
cn-panda / JavaCodeAudit
Getting started with java code auditing 代码审计入门的小项目
vulnerability-analysis ssrf java rce fastjson jackson xss sql code weblogic
Language:JavaScript 837