Trending repositories for topic xss

serve as a reverse proxy to protect your web services from attacks and exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A list of resources for those interested in getting started in bug bounties

Top disclosed reports from HackerOne

Source code for Hacker101.com - a free online web and mobile security class.

Most advanced XSS scanner.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Dork Search , Vulnerability Scanner ,SQL Injection , XSS , LFI ,RFI

An XSS exploitation command-line interface and payload generator.

Burp Suite Certified Practitioner Exam Study

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

仿幕布(mubu.com)风格思维导图，Vue3+SVG实现。

Automation tool to testing and confirm the xss vulnerability.

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

仿幕布(mubu.com)风格思维导图，Vue3+SVG实现。

Dork Search , Vulnerability Scanner ,SQL Injection , XSS , LFI ,RFI

serve as a reverse proxy to protect your web services from attacks and exploits.

Automation tool to testing and confirm the xss vulnerability.

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )

Top disclosed reports from HackerOne

Burp Suite Certified Practitioner Exam Study

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

An XSS exploitation command-line interface and payload generator.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

A list of resources for those interested in getting started in bug bounties

Source code for Hacker101.com - a free online web and mobile security class.

Most advanced XSS scanner.

serve as a reverse proxy to protect your web services from attacks and exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Top disclosed reports from HackerOne

A list of resources for those interested in getting started in bug bounties

Most advanced XSS scanner.

Source code for Hacker101.com - a free online web and mobile security class.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Use DOMPurify on server and client in the same way

Web Application Security Scanner Framework

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Git All the Payloads! A collection of web attack payloads.

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

An XSS Exploitation Tool

An XSS exploitation command-line interface and payload generator.

lamp-cloud 支持jdk21、jdk17、jdk11、jdk8，ta基于 SpringCloud + SpringBoot 开发的微服务中后台快速开发平台，专注于多租户(SaaS架构)解决方案，亦可作为普通项目（非SaaS架构）的基础开发框架使用，目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离 等租户隔离方案。

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

List of every possible vulnerabilities in computer security.

serve as a reverse proxy to protect your web services from attacks and exploits.

Use DOMPurify on server and client in the same way

仿幕布(mubu.com)风格思维导图，Vue3+SVG实现。

Dork Search , Vulnerability Scanner ,SQL Injection , XSS , LFI ,RFI

An XSS Exploitation Tool

jQuery with XSS, Testing and Secure Version

XSSRocket it is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

Automation tool to testing and confirm the xss vulnerability.

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

Top disclosed reports from HackerOne

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

A fast DOM based XSS vulnerability scanner with simplicity.

serve as a reverse proxy to protect your web services from attacks and exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Most advanced XSS scanner.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A list of resources for those interested in getting started in bug bounties

Top disclosed reports from HackerOne

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

A big list of Android Hackerone disclosed reports and other resources.

Source code for Hacker101.com - a free online web and mobile security class.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

Web Application Security Scanner Framework

An XSS exploitation command-line interface and payload generator.

Awesome XSS stuff

lamp-cloud 支持jdk21、jdk17、jdk11、jdk8，ta基于 SpringCloud + SpringBoot 开发的微服务中后台快速开发平台，专注于多租户(SaaS架构)解决方案，亦可作为普通项目（非SaaS架构）的基础开发框架使用，目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离 等租户隔离方案。

🔥 Repo related to my FrontendMasters course. An Advanced Web Dev Quiz that covers a wide range of the things web devs get to deal with on a daily basis.

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.

Automation tool to testing and confirm the xss vulnerability.

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

List of every possible vulnerabilities in computer security.

Dork Search , Vulnerability Scanner ,SQL Injection , XSS , LFI ,RFI

Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML conte...

serve as a reverse proxy to protect your web services from attacks and exploits.

XSSRocket it is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )

libinjection is a Golang port of the libinjection(https://github.com/client9/libinjection)

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

🔥 Repo related to my FrontendMasters course. An Advanced Web Dev Quiz that covers a wide range of the things web devs get to deal with on a daily basis.

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

Automatic tool to find Google Dorks

A big list of Android Hackerone disclosed reports and other resources.

Tool for automate bug hunting process 🔍 --> 🍭

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.

Automation tool to testing and confirm the xss vulnerability.

Helios: Automated XSS Testing

🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.

A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

Automatic tool to find Google Dorks

Clean your rich text from XSS threats.

serve as a reverse proxy to protect your web services from attacks and exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A list of resources for those interested in getting started in bug bounties

Top disclosed reports from HackerOne

Most advanced XSS scanner.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Source code for Hacker101.com - a free online web and mobile security class.

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

lamp-cloud 支持jdk21、jdk17、jdk11、jdk8，ta基于 SpringCloud + SpringBoot 开发的微服务中后台快速开发平台，专注于多租户(SaaS架构)解决方案，亦可作为普通项目（非SaaS架构）的基础开发框架使用，目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离 等租户隔离方案。

Check your WAF before an attacker does

Web Application Security Scanner Framework

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware

Awesome XSS stuff

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

Burp Suite Certified Practitioner Exam Study

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

Tool for automate bug hunting process 🔍 --> 🍭

A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API

Helios: Automated XSS Testing

A utility for detecting webpage inputs and conducting XSS scans.

Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML conte...

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

🔥 Web application firewalls (WAF) bypass

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

[V5] This will help you setup a grabber with the following features: History, Passwords, Tokens, Cookies, Emails, IP Adresses, Roblox Login Information, Windows Keys, Computer Information.

List of every possible vulnerabilities in computer security.

serve as a reverse proxy to protect your web services from attacks and exploits.

🔥 Repo related to my FrontendMasters course. An Advanced Web Dev Quiz that covers a wide range of the things web devs get to deal with on a daily basis.

Diccionarios de: usuarios, passwords, XSS, Dorks, etc .. ( hackingyseguridad.com )

Safe replacement for the v-html directive

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

Social Engineering Browser Update Attack.