RenwaX23/XSS-Payloads

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/RenwaX23/XSS-Payloads)

RenwaX23 / XSS-Payloads

List of XSS Vectors/Payloads

☆1,364

Alternatives and similar repositories for XSS-Payloads

Users that are interested in XSS-Payloads are comparing it to the libraries listed below

Sorting:

cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,482Oct 12, 2024Updated last year
s0md3v / AwesomeXSS
View on GitHub
Awesome XSS stuff
☆5,066Oct 30, 2024Updated last year
ssl / ezXSS
View on GitHub
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
☆2,244Jan 8, 2026Updated 2 months ago
swisskyrepo / SSRFmap
View on GitHub
Automatic SSRF fuzzer and exploitation tool
☆3,493Sep 4, 2025Updated 6 months ago
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,589Jan 27, 2024Updated 2 years ago
wagiro / BurpBounty
View on GitHub
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
☆1,779Apr 26, 2024Updated last year
terjanq / Tiny-XSS-Payloads
View on GitHub
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
☆2,313Nov 29, 2024Updated last year
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,294Apr 13, 2024Updated last year
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,089Aug 14, 2024Updated last year
elkokc / reflector
View on GitHub
Burp plugin able to find reflected XSS on page in real-time while browsing on site
☆1,203Feb 2, 2021Updated 5 years ago
msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆522Sep 17, 2022Updated 3 years ago
s0md3v / Arjun
View on GitHub
HTTP parameter discovery suite.
☆6,109Feb 20, 2025Updated last year
1N3 / IntruderPayloads
View on GitHub
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
☆3,903Sep 27, 2021Updated 4 years ago
EdOverflow / bugbounty-cheatsheet
View on GitHub
A list of interesting payloads, tips and tricks for bug bounty hunters.
☆6,385Sep 14, 2023Updated 2 years ago
snoopysecurity / awesome-burp-extensions
View on GitHub
A curated list of amazingly awesome Burp Extensions
☆3,372Feb 17, 2026Updated 2 weeks ago
jdonsec / AllThingsSSRF
View on GitHub
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
☆1,361Jan 24, 2021Updated 5 years ago
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,302Apr 18, 2023Updated 2 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,171May 26, 2023Updated 2 years ago
masatokinugawa / filterbypass
View on GitHub
Browser's XSS Filter Bypass Cheat Sheet
☆1,150May 6, 2017Updated 8 years ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
hakluke / weaponised-XSS-payloads
View on GitHub
XSS payloads designed to turn alert(1) into P1
☆1,394Sep 12, 2023Updated 2 years ago
EdOverflow / can-i-take-over-xyz
View on GitHub
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
☆5,572Feb 8, 2025Updated last year
epinna / tplmap
View on GitHub
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
☆4,123Apr 21, 2024Updated last year
m4ll0k / Atlas
View on GitHub
Quick SQLMap Tamper Suggester
☆1,397Jul 18, 2022Updated 3 years ago
RenwaX23 / XSSTRON
View on GitHub
Electron JS Browser To Find XSS Vulnerabilities Automatically
☆747Mar 30, 2021Updated 4 years ago
1ndianl33t / Gf-Patterns
View on GitHub
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
☆1,401Sep 13, 2024Updated last year
devanshbatham / ParamSpider
View on GitHub
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
☆3,012Jun 24, 2024Updated last year
arkadiyt / bounty-targets-data
View on GitHub
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for …
☆3,659Updated this week
hahwul / dalfox
View on GitHub
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
☆4,859Feb 28, 2026Updated last week
filedescriptor / untrusted-types
View on GitHub
☆694Jul 4, 2022Updated 3 years ago
ghsec / webHunt
View on GitHub
Web App bug hunting
☆578Nov 26, 2025Updated 3 months ago
whitel1st / docem
View on GitHub
A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
☆677Jan 28, 2024Updated 2 years ago
teknogeek / ssrf-sheriff
View on GitHub
A simple SSRF-testing sheriff written in Go
☆336Oct 31, 2024Updated last year
Sh1Yo / x8
View on GitHub
Hidden parameters discovery suite
☆2,028Sep 8, 2024Updated last year
tomnomnom / hacks
View on GitHub
A collection of hacks and one-off scripts
☆2,423Mar 13, 2025Updated 11 months ago
zigoo0 / JSONBee
View on GitHub
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
☆750May 6, 2024Updated last year
0xInfection / Awesome-WAF
View on GitHub
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
☆7,381Aug 28, 2025Updated 6 months ago
michenriksen / aquatone
View on GitHub
A Tool for Domain Flyovers
☆5,904May 22, 2022Updated 3 years ago
modzero / mod0BurpUploadScanner
View on GitHub
HTTP file upload scanner for Burp Proxy
☆490Dec 25, 2023Updated 2 years ago