XSS payloads for bypassing WAF. This repository is updating continuously.
☆267Mar 15, 2024Updated last year
Alternatives and similar repositories for WAF-bypass-xss-payloads
Users that are interested in WAF-bypass-xss-payloads are comparing it to the libraries listed below
Sorting:
- Xss payload for bypassing waf☆18Apr 18, 2020Updated 5 years ago
- ☆861Dec 26, 2025Updated 2 months ago
- i will upload more templates here to share with the comunity.☆567Apr 17, 2024Updated last year
- 403/401 Bypass Methods + Bash Automation + Your Support ;)☆1,574Jun 6, 2022Updated 3 years ago
- An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws☆3,932Oct 4, 2025Updated 5 months ago
- ☆584Aug 14, 2025Updated 6 months ago
- Nuclei Templates Collection☆1,081Dec 25, 2025Updated 2 months ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,500Jan 8, 2026Updated 2 months ago
- Find subdomains by searching public certificate records☆16Jun 11, 2024Updated last year
- This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter☆3,270Feb 10, 2024Updated 2 years ago
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆374Jul 25, 2023Updated 2 years ago
- JavaAgent内存马实现、检测、修复demo☆11Dec 7, 2022Updated 3 years ago
- Tips and Tutorials for Bug Bounty and also Penetration Tests.☆1,707Oct 7, 2025Updated 5 months ago
- Burp Plugin to Bypass WAFs through the insertion of Junk Data☆1,426Jul 14, 2025Updated 7 months ago
- Top disclosed reports from HackerOne☆5,358Feb 28, 2026Updated last week
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆89May 2, 2024Updated last year
- A modern tool written in Python that automates your xss findings.☆472Nov 26, 2023Updated 2 years ago
- 对任意http网站添加指定漏洞 目前实现部分漏洞的追加 支持本身http服务 支持反向代理追加☆28Oct 8, 2022Updated 3 years ago
- Subdomain takeover vulnerability checker☆1,525Sep 10, 2024Updated last year
- A repository that includes all the important wordlists used while bug hunting.☆1,379Mar 11, 2023Updated 2 years ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆382May 19, 2023Updated 2 years ago
- Simple tool to gather domains from crt.sh using the organization name☆102Dec 16, 2021Updated 4 years ago
- 目录扫描+JS��文件中提取URL和子域+403状态绕过+指纹识别☆859Sep 30, 2025Updated 5 months ago
- Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!☆1,313Updated this week
- Cool HackerOne Reports☆22Nov 16, 2022Updated 3 years ago
- declutters url lists for crawling/pentesting☆1,532Feb 23, 2025Updated last year
- 🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast…☆1,546Updated this week
- A tool to check a bunch of URLs that contain reflecting params.☆596Aug 4, 2024Updated last year
- NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Re…☆1,823Aug 20, 2025Updated 6 months ago
- 这个项目主要用于辅助测试Swagger的XSS漏洞☆39Jun 11, 2022Updated 3 years ago
- 某免杀webshell☆19Oct 10, 2023Updated 2 years ago
- 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.☆4,859Feb 28, 2026Updated last week
- CVE Collection of jQuery XSS Payloads☆75Jan 4, 2023Updated 3 years ago
- Useful Google Dorks for WebSecurity and Bug Bounty☆1,205Jan 24, 2026Updated last month
- 用于解决判断出网情况的问题,以http、ldap、rmi以及socket形式批量监听端口,在web界面进行结果查看☆127Apr 17, 2023Updated 2 years ago
- Never forget where you inject.☆298Aug 15, 2025Updated 6 months ago
- MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilitie�…☆1,033Jul 23, 2024Updated last year
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆985Jan 12, 2024Updated 2 years ago
- Simple reverse shell to avoid Windows defender and kaspersky detection☆21Dec 20, 2021Updated 4 years ago