SVG, XML, GIF and PDF files that result in finding XSS reports on websites : The payloads are available for testing purpose only.
☆15Apr 17, 2023Updated 2 years ago
Alternatives and similar repositories for XSS-Payloads
Users that are interested in XSS-Payloads are comparing it to the libraries listed below
Sorting:
- 一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏和目录列出(dumpall Golang重构版)☆21Apr 8, 2025Updated 10 months ago
- Java Chains 插件编写 demo☆14Mar 5, 2025Updated 11 months ago
- POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.☆17Jun 18, 2025Updated 8 months ago
- This tool is intended to be used for on target enumeration to gather and exfiltrate information and then to upload tools such as netcat o…☆22Jan 6, 2026Updated last month
- SigFlip与白加黑的完美结合。☆37May 19, 2025Updated 9 months ago
- Fastjson + MySQL 条件下不出网利用测试环境☆49Dec 6, 2025Updated 2 months ago
- pdf svg xss payload☆122Nov 1, 2025Updated 4 months ago
- pdf-js-inject,能够将js代码注入到pdf文件中,也可以注入xss-payload到pdf文件中☆31Sep 8, 2024Updated last year
- 移动端App安全测试MCP工具集 - 基于ADB、aapt、JADX的完整移动应用安全分析平台☆54Updated this week
- 智云-一个抓取web流量的轻量级蜜罐☆32Apr 8, 2025Updated 10 months ago
- AppXSVC Service race condition - privilege escalation☆30Jul 30, 2019Updated 6 years ago
- Windows Etw LPE☆51Oct 12, 2021Updated 4 years ago
- Kubernetes has its “ADCS” -- How To Backdoor a Kubernetes in silence and more persistent?☆40Nov 16, 2025Updated 3 months ago
- 本项目是记录自己在Java代码审计过程中遇到的一些优秀文章内容,以及涉及到的Java项目源文件,汇总起来方便初学者下载分析。☆31Jun 14, 2022Updated 3 years ago
- 一个基于Codeql规则的go靶场☆41Feb 19, 2025Updated last year
- PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection☆10Apr 12, 2022Updated 3 years ago
- Making a lab and testing the CVE-2024-3116, a Remote Code Execution in pgadmin <=8.4☆12Apr 11, 2024Updated last year
- FastjsonScan,支持版本识别、出网检测、AutoType检测、依赖检测,poc验证等功能☆13Jun 17, 2025Updated 8 months ago
- Python3 program that creates a duckyscript payload to brutforce a 4-digit pin on android. It uses an improved pin list to use most used p…☆17Nov 3, 2023Updated 2 years ago
- Caddy module to throttle incoming connection bandwidth☆15Oct 14, 2025Updated 4 months ago
- Apache Struts2 S2-062远程代码执行漏洞(CVE-2021-31805) | 反弹Shell☆11Apr 18, 2022Updated 3 years ago
- Red Team Assessment Platform - reporting, visualizations, and analytics for cybersecurity red teams☆34Jan 27, 2026Updated last month
- 利用代理驱动绕过JDBC Attack检测☆143Jun 15, 2025Updated 8 months ago
- JAVA 安全靶场,IAST 测试用例,JAVA漏洞复现,代码审计,SAST测试用例,安全扫描(主动和被动),JAVA漏洞靶场,RASP测试用例 ; Java Security Testbed, IAST Test Cases, Java Vulnerability R…☆272Sep 6, 2024Updated last year
- 用于存储公众号文章的 PDF 版本☆104May 20, 2024Updated last year
- 内网综合扫描工具☆44Apr 16, 2024Updated last year
- ☆20Jan 12, 2022Updated 4 years ago
- Kubernetes Kubelet RCE Automated Script. Utilizes both "run" and "exec" debug handlers.☆10Sep 28, 2020Updated 5 years ago
- Flash最新钓鱼源码对接官方API实现跟随官方升级而升级☆12Sep 30, 2020Updated 5 years ago
- EwoMail是基于Linux的企业邮箱服务器,集成了众多优秀稳定的组件,是一个快速部署、简单高效、多语言、安全稳定的邮件解决方案☆13Nov 25, 2022Updated 3 years ago
- ☆12Nov 17, 2024Updated last year
- MonoX被攻击事件的分析和复现☆10Dec 2, 2021Updated 4 years ago
- CVE-2020-5902☆10Jul 11, 2020Updated 5 years ago
- golang基于viper+agollo实现本地文件配置和远程apollo配置中心多实例快速接入☆10Jan 18, 2023Updated 3 years ago
- CVE-2022-23131漏洞利用工具开箱即用。☆11Apr 2, 2022Updated 3 years ago
- 在原版nps的基础上,增加了nps探测,以及对应的利用方式(如获取cookie,页面等),进行一些简单的二开。未经过大量测试,可能存在bug。☆21Aug 5, 2025Updated 6 months ago
- ARL使用代理池联动nuclei,xray通过企业微信机器人告警☆10Oct 28, 2022Updated 3 years ago
- 🐚ᴠʟᴀɴɢ ʀᴇᴠᴇʀsᴇ sʜᴇʟʟ🐚☆11Apr 28, 2022Updated 3 years ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Sep 22, 2023Updated 2 years ago