Build software better, together

Hacker0x01 / hacker101

Source code for Hacker101.com - a free online web and mobile security class.

education security hacking xss sql-injection vulnerability csrf web-security mobile-security clickjacking hackerone session-fixation hacker101 unchecked-redirects

Updated Jan 19, 2022
SCSS

s0md3v / XSStrike

Star

Most advanced XSS scanner.

xss xss-scanner xss-detection xss-exploit xss-bruteforce xss-python xsstrike waf-detection

Updated Oct 19, 2021
Python

cure53 / DOMPurify

Sponsor

Star

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

javascript svg html security dom xss mathml sanitizer dompurify cross-site-scripting prevent-xss-attacks

Updated Jan 24, 2022
JavaScript

nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

Star

A list of resources for those interested in getting started in bug bounties

education hackers hacking xss bug-bounty web-security pentest ssrf bug-bounty-hunters learn2hack

Updated Sep 15, 2021

chaitin / xray

Star

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

security xss poc vulnerability passive-vulnerability-scanner sqlinjection vulnerability-scanner

Updated Jan 24, 2022
Vue

lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台，其中的可配置的SaaS功能尤其闪耀，具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块，支持多业务系统并行开发，支持多服务并行开发，可以作为后端服务的开发脚手架。代码简洁，注释齐全，架构清晰，非常适合学习和企业作为基础框架使用。

java jwt admin cloud spring spring-cloud gateway xss springboot mybatis zuul hystrix eureka springcloud nacos seata

Updated Jan 19, 2022
Java

s0md3v / AwesomeXSS

Star

Awesome XSS stuff

alert xss xss-detection payload xss-payloads payload-list javascript-context xss-cheatsheet

Updated Jan 12, 2021
JavaScript

CHYbeta / Web-Security-Learning

Star

Web-Security-Learning

security xss sqlinjection

Updated Oct 2, 2021
HTML

Arachni / arachni

Star

Web Application Security Scanner Framework

javascript ruby crawler security-audit modular hack dom analysis scanner detection hacking xss audit web-application penetration-testing sql-injection vulnerability-detection arachni scanners

Updated Jan 15, 2022
Ruby

foospidy / payloads

Star

Git All the Payloads! A collection of web attack payloads.

hacking xss cybersecurity sqli passwords pentest appsec payload payloads web-attack-payloads

Updated Apr 22, 2021
Shell

payloadbox / xss-payload-list

Star

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

xss xss-vulnerability xss-scanners bugbounty xss-scanner xss-exploitation xss-detection payload payloads xss-attacks xss-injection websecurity dom-based xss-poc cross-site-scripting reflected-xss-vulnerabilities website-vulnerability xss-payloads self-xss xss-payload

Updated Oct 2, 2021

microcosm-cc / bluemonday

Star

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

go html sanitization security whitelist risk xss data-uri owasp html-element scenario turns nofollow bluemonday

Updated Dec 31, 2021
Go

six2dez / reconftw

Sponsor

Star

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities