Abusing Self-XSS and Clickjacking to trigger XSS
☆136Mar 18, 2017Updated 9 years ago
Alternatives and similar repositories for XSSJacking
Users that are interested in XSSJacking are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Stealing CSRF tokens with CSS injection (without iFrames)☆324Feb 7, 2018Updated 8 years ago
- A JavaScript clickjacking PoC generator☆24Jul 3, 2019Updated 6 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 9 years ago
- A demo of altering an opened tab after a timer☆124Jun 11, 2016Updated 9 years ago
- Terraform configuration to build a Burp Private Collaborator Server☆29Sep 16, 2018Updated 7 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 7 years ago
- AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.☆256Feb 23, 2022Updated 4 years ago
- Burp Extender plugin that generates a sitemap of a website using Wayback Machine☆227May 8, 2018Updated 8 years ago
- A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.☆43May 1, 2020Updated 6 years ago
- Allows you to trace where inputs are reflected back to the user.☆37Oct 12, 2017Updated 8 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,171Dec 16, 2024Updated last year
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆305Oct 14, 2018Updated 7 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆116Mar 29, 2019Updated 7 years ago
- Takes ip range, Scan all open SSL Certs, Grab Cnames☆113Sep 23, 2018Updated 7 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆140May 25, 2017Updated 8 years ago
- ☆334Jan 8, 2018Updated 8 years ago
- BountyDash is a tool to combine your rewards from all platforms, giving you insights about your progress and bug hunting patterns.☆164Apr 24, 2025Updated last year
- XSSB is a proactive DOM sanitizer, defending against client-side injection attacks!☆38Aug 26, 2018Updated 7 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆185May 27, 2020Updated 5 years ago
- A tool for checking a hash:pass pot file for hashes from a user:hash file☆12Oct 23, 2016Updated 9 years ago
- POC for CVE-2018-15685☆42Aug 24, 2018Updated 7 years ago
- Clickjacking Proof-of-Concept Exploit☆26Oct 1, 2020Updated 5 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆378Oct 12, 2020Updated 5 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Terraform configuration to build a Burp Private Collaborator Server☆25Nov 7, 2017Updated 8 years ago
- ☆20Jun 2, 2016Updated 9 years ago
- Framework for Automated Security Testing that is Scaleable and Asynchronous built on Microservices☆18Oct 13, 2016Updated 9 years ago
- It is a Python+Perl script to exploit ASP.net Padding Oracle vulnerability.☆18Aug 2, 2016Updated 9 years ago
- Nodejs application intentionally vulnerable to SSRF☆42May 12, 2023Updated 3 years ago
- Next-gen BurpSuite penetration testing tool☆462Jan 27, 2016Updated 10 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆319May 22, 2023Updated 2 years ago
- Writeups for various crackmes, CTFs, wargames, etc.☆15Apr 21, 2017Updated 9 years ago
- Nameserver DNS poisoning attacks made easy☆526Feb 26, 2017Updated 9 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- a tiny tool for swf hacking, just browse it:)☆243Mar 13, 2013Updated 13 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.☆451Dec 8, 2022Updated 3 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 9 years ago
- A Pythonic wrapper to MassDNS☆24Mar 21, 2018Updated 8 years ago
- BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.☆176Dec 1, 2022Updated 3 years ago
- ☆277Oct 19, 2021Updated 4 years ago