List of XSS Vectors/Payloads
☆1,366Jan 14, 2026Updated 2 months ago
Alternatives and similar repositories for XSS-Payloads
Users that are interested in XSS-Payloads are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- SSRF (Server Side Request Forgery) testing resources☆2,482Oct 12, 2024Updated last year
- Awesome XSS stuff☆5,074Oct 30, 2024Updated last year
- Prototype Pollution and useful Script Gadgets☆1,601Jan 27, 2024Updated 2 years ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.☆2,251Jan 8, 2026Updated 2 months ago
- A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me☆2,331Nov 29, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Client Side Prototype Pollution Scanner☆523Sep 17, 2022Updated 3 years ago
- Automatic SSRF fuzzer and exploitation tool☆3,515Sep 4, 2025Updated 6 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆6,124Aug 14, 2024Updated last year
- A python script that finds endpoints in JavaScript files☆4,309Apr 13, 2024Updated last year
- Burp plugin able to find reflected XSS on page in real-time while browsing on site☆1,204Feb 2, 2021Updated 5 years ago
- HTTP parameter discovery suite.☆6,154Feb 20, 2025Updated last year
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,790Apr 26, 2024Updated last year
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.☆5,605Feb 8, 2025Updated last year
- Browser's XSS Filter Bypass Cheat Sheet☆1,153May 6, 2017Updated 8 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,910Sep 27, 2021Updated 4 years ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆6,413Sep 14, 2023Updated 2 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,172May 26, 2023Updated 2 years ago
- This tool generates gopher link for exploiting SSRF and gaining RCE in various servers☆3,334Apr 18, 2023Updated 2 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆4,131Apr 21, 2024Updated last year
- Electron JS Browser To Find XSS Vulnerabilities Automatically☆749Mar 30, 2021Updated 5 years ago
- ☆695Jul 4, 2022Updated 3 years ago
- A curated list of amazingly awesome Burp Extensions☆3,385Feb 17, 2026Updated last month
- XSS payloads designed to turn alert(1) into P1☆1,395Sep 12, 2023Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location☆1,364Jan 24, 2021Updated 5 years ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3�☆2,068Jan 2, 2024Updated 2 years ago
- 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.☆4,884Mar 22, 2026Updated last week
- Web App bug hunting☆576Nov 26, 2025Updated 4 months ago
- Hidden parameters discovery suite☆2,038Sep 8, 2024Updated last year
- A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.☆754May 6, 2024Updated last year
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing☆3,025Mar 7, 2026Updated 3 weeks ago
- This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for …☆3,675Updated this week
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep☆1,412Sep 13, 2024Updated last year
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- A simple SSRF-testing sheriff written in Go☆336Oct 31, 2024Updated last year
- A Tool for Domain Flyovers☆5,916May 22, 2022Updated 3 years ago
- Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥☆7,401Updated this week
- Quick SQLMap Tamper Suggester☆1,398Jul 18, 2022Updated 3 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆680Jan 28, 2024Updated 2 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,503Jan 8, 2026Updated 2 months ago
- Potentially dangerous files☆3,289Aug 25, 2025Updated 7 months ago