A cheatsheet for common JavaScript sources and sinks that lead to potential vulnerabilities.
☆56Jun 13, 2023Updated 2 years ago
Alternatives and similar repositories for Sources-And-Sinks-Cheatsheet
Users that are interested in Sources-And-Sinks-Cheatsheet are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- All About XSS☆16Oct 23, 2022Updated 3 years ago
- Passive JavaScript reconnaissance for penetration testers — bridging Burp Suite traffic into structured, AST-based analysis in VSCode.☆36Feb 5, 2026Updated 2 months ago
- Extractify extension is a Chrome extension designed for web security testing, enabling users to efficiently extract JavaScript files and …☆30Dec 10, 2024Updated last year
- A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfac…☆88Apr 19, 2025Updated 11 months ago
- TLDFinder is a Python package that identifies valid top-level domains (TLDs) for a list of domains with wildcard characters in the TLD.☆24Jul 2, 2023Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- OWASP Foundation Web Respository☆26Oct 11, 2025Updated 6 months ago
- HTTP testing platform for security researchers☆29Updated this week
- Find sources and sinks in js code that could lead to DOM XSS 🔎💧🚰☆23Feb 27, 2024Updated 2 years ago
- A simple python script to download Voorivex Academy videos☆18May 17, 2024Updated last year
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆787Dec 9, 2025Updated 4 months ago
- Get some useful data from Clouds for your targets☆20Apr 5, 2026Updated last week
- ☆27May 21, 2025Updated 10 months ago
- 🚀 Sling Shot R3con: Automate Your Bug Bounty and Pentest Reconnaissance with Project Discovery tools 🎯☆25Sep 21, 2023Updated 2 years ago
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆294Apr 9, 2024Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- OOB listener powered by cloudflare workers☆12Apr 13, 2025Updated last year
- A collection of js analysis tools & scripts.☆19Mar 8, 2026Updated last month
- A tool to find domains that are in the same Microsoft tenant☆23Mar 18, 2025Updated last year
- LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.☆33Mar 4, 2024Updated 2 years ago
- Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist☆425Aug 25, 2024Updated last year
- ☆19Jan 13, 2025Updated last year
- Refined and Compatible version of Frans Rosen Post Message Tracker Extension☆44Nov 11, 2025Updated 5 months ago
- ☆88Sep 20, 2024Updated last year
- 用于windows下通过NTFS MFT快速查找文件名中带有敏感词的文件☆44Sep 29, 2025Updated 6 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- SPA Route Scanner is a Chrome extension that scans Single Page Applications (SPAs) to find and list all internal routes. Instantly discov…☆13Jul 31, 2025Updated 8 months ago
- A tool to migrate Burpsuite HTTP history to Caido☆36Apr 25, 2025Updated 11 months ago
- Graphql introspection query analyzer.☆18Mar 28, 2023Updated 3 years ago
- Pull out bits of URLs provided on stdin☆1,307Aug 12, 2023Updated 2 years ago
- An extension for Burp's Web Vulnerability Scanner that can detect API discovery metadata and extract data useful during recon.☆19Sep 13, 2025Updated 7 months ago
- Chrome extension for automating CSPT discovery☆145Mar 31, 2026Updated 2 weeks ago
- Automatically exported from code.google.com/p/domxsswiki☆549May 12, 2018Updated 7 years ago
- ☆13Mar 7, 2025Updated last year
- Find subdomains on GitHub.☆837Mar 28, 2023Updated 3 years ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆19Jun 9, 2023Updated 2 years ago
- Copy as FFUF Command for Burp Suite☆10Jun 12, 2024Updated last year
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆157Mar 31, 2025Updated last year
- ☆21Feb 27, 2023Updated 3 years ago
- A programming language designed around supporting ASCII animation based code golfing challenges.☆11Sep 4, 2017Updated 8 years ago
- An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228☆12Dec 12, 2021Updated 4 years ago
- Process URLs and remove duplicate query parameters.☆27Mar 19, 2024Updated 2 years ago