Source code for Hacker101.com - a free online web and mobile security class.

Most advanced XSS scanner.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A list of resources for those interested in getting started in bug bounties

Awesome XSS stuff

Web-Security-Learning

基于SpringCloud(Hoxton.SR7) + SpringBoot(2.2.9.RELEASE) 的SaaS 微服务脚手架，具有统一授权、认证后台管理系统，其中包含具备用户管理、资源权限管理、网关API、分布式事务、大文件断点分片续传等多个模块，支持多业务系统并行开发，可以作为后端服务的开发脚手架。代码简洁，架构清晰，适合学习和直接项目中使用。核心技术采用Nacos、Fegin、Ribbon、Zuul、Hystrix、JWT Token、Mybatis、SpringBoot、Redis、RibbitMQ等主要框架和中间件。

Web Application Security Scanner Framework

Git All the Payloads! A collection of web attack payloads.

渗透测试有关的POC、EXP、脚本、提权、小工具等，欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

XSS'OR - Hack with JavaScript.

WAScan - Web Application Scanner

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

A container repository for my public web hacks!

Collection of quality safety articles

pentest framework

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Cleans HTML to avoid XSS attacks

A collection of tiny XSS Payloads that can be used in different contexts.

Browser's XSS Filter Bypass Cheat Sheet

Small tool to package javascript into a valid image file.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

Advanced dork Search & Mass Exploit Scanner

List of advanced XSS payloads

Perform advanced MiTM attacks on websites with ease 💉

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.