Stars
Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
GF Patterns for (SSRF, RCE, LFI, SQLi, SSTI, IDOR, URL redirection, debug_logic, interesting subs) parameters grep
Use DOMPurify on server and client in the same way
Comprehensive documentation on web vulnerabilities, covering threats like SQL injection, XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and more. Includes curated resources for proa…
A project that showcases a login system that is vulnerable to XSS and SQL injection attacks, and also a secured one.
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
BruteXssh is an advanced GUI-based SSH cracker powered by Python libraries. It employs parallel processing, supports mass target selection, allows custom thread levels, and offers proxy functionali…
This repository contains all the XSS cheatsheet data to allow contributions from the community.
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
XSScope is one of the most powerful and advanced GUI frameworks for modern browser exploitation via XSS.
An automated XSS payload generator written in Python.
BruteXSS is a tool written in Python simply to find XSS vulnerabilities in web applications. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more c…
A fast DOM-based XSS vulnerability scanner with simplicity.
From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
This repository holds the full list of advanced XSS payloads that can be used in penetration testing. These payloads can be loaded into XSS scanners as well.
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: