Abusing Self-XSS and Clickjacking to trigger XSS
☆136Mar 18, 2017Updated 9 years ago
Alternatives and similar repositories for XSSJacking
Users that are interested in XSSJacking are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Stealing CSRF tokens with CSS injection (without iFrames)☆324Feb 7, 2018Updated 8 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 8 years ago
- A demo of altering an opened tab after a timer☆124Jun 11, 2016Updated 9 years ago
- Terraform configuration to build a Burp Private Collaborator Server☆29Sep 16, 2018Updated 7 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 7 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.☆256Feb 23, 2022Updated 4 years ago
- Burp Extender plugin that generates a sitemap of a website using Wayback Machine☆227May 8, 2018Updated 7 years ago
- A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.☆43May 1, 2020Updated 5 years ago
- Allows you to trace where inputs are reflected back to the user.☆37Oct 12, 2017Updated 8 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,139Dec 16, 2024Updated last year
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆304Oct 14, 2018Updated 7 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆116Mar 29, 2019Updated 7 years ago
- Takes ip range, Scan all open SSL Certs, Grab Cnames☆113Sep 23, 2018Updated 7 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆140May 25, 2017Updated 8 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- ☆332Jan 8, 2018Updated 8 years ago
- BountyDash is a tool to combine your rewards from all platforms, giving you insights about your progress and bug hunting patterns.☆162Apr 24, 2025Updated 11 months ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆185May 27, 2020Updated 5 years ago
- XSSB is a proactive DOM sanitizer, defending against client-side injection attacks!☆38Aug 26, 2018Updated 7 years ago
- A tool for checking a hash:pass pot file for hashes from a user:hash file☆12Oct 23, 2016Updated 9 years ago
- Clickjacking Proof-of-Concept Exploit☆26Oct 1, 2020Updated 5 years ago
- POC for CVE-2018-15685☆42Aug 24, 2018Updated 7 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆378Oct 12, 2020Updated 5 years ago
- Terraform configuration to build a Burp Private Collaborator Server☆25Nov 7, 2017Updated 8 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- ☆20Jun 2, 2016Updated 9 years ago
- Framework for Automated Security Testing that is Scaleable and Asynchronous built on Microservices☆18Oct 13, 2016Updated 9 years ago
- It is a Python+Perl script to exploit ASP.net Padding Oracle vulnerability.☆18Aug 2, 2016Updated 9 years ago
- Nodejs application intentionally vulnerable to SSRF☆42May 12, 2023Updated 2 years ago
- Next-gen BurpSuite penetration testing tool☆462Jan 27, 2016Updated 10 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆318May 22, 2023Updated 2 years ago
- Writeups for various crackmes, CTFs, wargames, etc.☆15Apr 21, 2017Updated 8 years ago
- Nameserver DNS poisoning attacks made easy☆525Feb 26, 2017Updated 9 years ago
- a tiny tool for swf hacking, just browse it:)☆243Mar 13, 2013Updated 13 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.☆450Dec 8, 2022Updated 3 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 9 years ago
- A Pythonic wrapper to MassDNS☆24Mar 21, 2018Updated 8 years ago
- BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.☆176Dec 1, 2022Updated 3 years ago
- ☆276Oct 19, 2021Updated 4 years ago
- A Rails application containing multiple vulnerabilities used for demonstration purposes☆20Mar 26, 2015Updated 11 years ago