Abusing Self-XSS and Clickjacking to trigger XSS
☆136Mar 18, 2017Updated 9 years ago
Alternatives and similar repositories for XSSJacking
Users that are interested in XSSJacking are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Stealing CSRF tokens with CSS injection (without iFrames)☆324Feb 7, 2018Updated 8 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 9 years ago
- A demo of altering an opened tab after a timer☆124Jun 11, 2016Updated 9 years ago
- Terraform configuration to build a Burp Private Collaborator Server☆29Sep 16, 2018Updated 7 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 7 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.☆258Feb 23, 2022Updated 4 years ago
- Burp Extender plugin that generates a sitemap of a website using Wayback Machine☆228May 8, 2018Updated 8 years ago
- A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.☆43May 1, 2020Updated 6 years ago
- Allows you to trace where inputs are reflected back to the user.☆38Oct 12, 2017Updated 8 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,170Dec 16, 2024Updated last year
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆305Oct 14, 2018Updated 7 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆116Mar 29, 2019Updated 7 years ago
- Takes ip range, Scan all open SSL Certs, Grab Cnames☆112Sep 23, 2018Updated 7 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆139May 25, 2017Updated 9 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- ☆334Jan 8, 2018Updated 8 years ago
- BountyDash is a tool to combine your rewards from all platforms, giving you insights about your progress and bug hunting patterns.☆164Apr 24, 2025Updated last year
- An Out-of-Band XXE server for retrieving file contents over FTP.☆185May 27, 2020Updated 6 years ago
- XSSB is a proactive DOM sanitizer, defending against client-side injection attacks!☆38Aug 26, 2018Updated 7 years ago
- A tool for checking a hash:pass pot file for hashes from a user:hash file☆12Oct 23, 2016Updated 9 years ago
- POC for CVE-2018-15685☆42Aug 24, 2018Updated 7 years ago
- Clickjacking Proof-of-Concept Exploit☆26Oct 1, 2020Updated 5 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆379Oct 12, 2020Updated 5 years ago
- Terraform configuration to build a Burp Private Collaborator Server☆25Nov 7, 2017Updated 8 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- ☆20Jun 2, 2016Updated 10 years ago
- Framework for Automated Security Testing that is Scaleable and Asynchronous built on Microservices☆18Oct 13, 2016Updated 9 years ago
- It is a Python+Perl script to exploit ASP.net Padding Oracle vulnerability.☆18Aug 2, 2016Updated 9 years ago
- Nodejs application intentionally vulnerable to SSRF☆42May 12, 2023Updated 3 years ago
- Next-gen BurpSuite penetration testing tool☆461Jan 27, 2016Updated 10 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆319May 22, 2023Updated 3 years ago
- Writeups for various crackmes, CTFs, wargames, etc.☆15Apr 21, 2017Updated 9 years ago
- Nameserver DNS poisoning attacks made easy☆526Feb 26, 2017Updated 9 years ago
- a tiny tool for swf hacking, just browse it:)☆243Mar 13, 2013Updated 13 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.☆451Dec 8, 2022Updated 3 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 9 years ago
- A Pythonic wrapper to MassDNS☆24Mar 21, 2018Updated 8 years ago
- BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.☆176Dec 1, 2022Updated 3 years ago
- ☆277Oct 19, 2021Updated 4 years ago
- A Rails application containing multiple vulnerabilities used for demonstration purposes☆20Mar 26, 2015Updated 11 years ago