Trending repositories for topic xss

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Top disclosed reports from HackerOne

Most advanced XSS scanner.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

A list of resources for those interested in getting started in bug bounties

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Source code for Hacker101.com - a free online web and mobile security class.

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Burp Suite Certified Practitioner Exam Study

An XSS Exploitation Tool

Awesome XSS stuff

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

Cleans HTML to avoid XSS attacks

Collection of quality safety articles. Awesome articles.

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

An XSS Exploitation Tool

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Top disclosed reports from HackerOne

Burp Suite Certified Practitioner Exam Study

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

A list of resources for those interested in getting started in bug bounties

Most advanced XSS scanner.

Cleans HTML to avoid XSS attacks

Collection of quality safety articles. Awesome articles.

Awesome XSS stuff

Source code for Hacker101.com - a free online web and mobile security class.

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Top disclosed reports from HackerOne

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Most advanced XSS scanner.

A list of resources for those interested in getting started in bug bounties

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Source code for Hacker101.com - a free online web and mobile security class.

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

An XSS Exploitation Tool

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Burp Suite Certified Practitioner Exam Study

Collection of quality safety articles. Awesome articles.

Git All the Payloads! A collection of web attack payloads.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Cleans HTML to avoid XSS attacks

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

An XSS Exploitation Tool

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

🔥 Web application firewalls (WAF) bypass

eLearnSecurity Junior Penetration Tester (eJPT) v2 Notes

Hooks in to interesting functions and helps reverse the web app faster.

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Top disclosed reports from HackerOne

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App

Burp Suite Certified Practitioner Exam Study

Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m...

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Top disclosed reports from HackerOne

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Most advanced XSS scanner.

A list of resources for those interested in getting started in bug bounties

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Source code for Hacker101.com - a free online web and mobile security class.

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Burp Suite Certified Practitioner Exam Study

lamp-cloud 支持jdk21、jdk17、jdk11、jdk8，ta基于 SpringCloud + SpringBoot 开发的微服务中后台快速开发平台，专注于多租户(SaaS架构)解决方案，亦可作为普通项目（非SaaS架构）的基础开发框架使用，目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离 等租户隔离方案。

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

Web Application Security Scanner Framework

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Git All the Payloads! A collection of web attack payloads.

An XSS Exploitation Tool

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

🔥 Web application firewalls (WAF) bypass

eLearnSecurity Junior Penetration Tester (eJPT) v2 Notes

Tools and methods that I personally use for Recon and Exploitations

A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API

[V5] This will help you setup a grabber with the following features: History, Passwords, Tokens, Cookies, Emails, IP Adresses, Roblox Login Information, Windows Keys, Computer Information.

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

An XSS Exploitation Tool

🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.

Simple-XSS is a multiplatform cross-site scripting (XSS) vulnerability exploitation tool.

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

网络安全训练营全部资料，包括 Web 安全、网络安全、信息安全、系统防护、攻防渗透、云安全

Automation tool to testing and confirm the xss vulnerability.

Tips on how to write exploit scripts (faster!)

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Top disclosed reports from HackerOne

「💉」XSS Payload List

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Automation tool to testing and confirm the xss vulnerability.

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.

Helios: Automated XSS Testing

🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API

Open Source XSS exploitation tool. using http proxy to access the browser which executed js. [Engineering Experimental]

Clean your rich text from XSS threats.

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Top disclosed reports from HackerOne

Most advanced XSS scanner.

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A list of resources for those interested in getting started in bug bounties

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Source code for Hacker101.com - a free online web and mobile security class.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Check your WAF before an attacker does

lamp-cloud 支持jdk21、jdk17、jdk11、jdk8，ta基于 SpringCloud + SpringBoot 开发的微服务中后台快速开发平台，专注于多租户(SaaS架构)解决方案，亦可作为普通项目（非SaaS架构）的基础开发框架使用，目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离 等租户隔离方案。

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App

Awesome XSS stuff

Web Application Security Scanner Framework

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Burp Suite Certified Practitioner Exam Study

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

Open Source XSS exploitation tool. using http proxy to access the browser which executed js. [Engineering Experimental]

eLearnSecurity Junior Penetration Tester (eJPT) v2 Notes

网络安全训练营全部资料，包括 Web 安全、网络安全、信息安全、系统防护、攻防渗透、云安全

Automatic tool to find Google Dorks

Tool for automate bug hunting process 🔍 --> 🍭

Helios: Automated XSS Testing

🔥 Web application firewalls (WAF) bypass

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.

A utility for detecting webpage inputs and conducting XSS scans.

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App

Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML conte...

[V5] This will help you setup a grabber with the following features: History, Passwords, Tokens, Cookies, Emails, IP Adresses, Roblox Login Information, Windows Keys, Computer Information.

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

List of every possible vulnerabilities in computer security.

ALL IN ONE Hacking Tool For Hackers

Tools and methods that I personally use for Recon and Exploitations

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.