heroanswer/XSS_Cheat_Sheet_2020_Edition

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/heroanswer/XSS_Cheat_Sheet_2020_Edition)

heroanswer / XSS_Cheat_Sheet_2020_Edition

xss漏洞模糊测试payload的最佳集合 2020版

☆511

Alternatives and similar repositories for XSS_Cheat_Sheet_2020_Edition

Users that are interested in XSS_Cheat_Sheet_2020_Edition are comparing it to the libraries listed below

Sorting:

1120362990 / vulnerability-list
View on GitHub
在渗透测试中快速检测常见中间件、组件的高危漏洞。
☆728Mar 21, 2022Updated 3 years ago
opensec-cn / vtest
View on GitHub
用于辅助安全工程师漏洞挖掘、测试、复现，集合了mock、httplog、dns tools、xss，可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
☆866Jul 21, 2019Updated 6 years ago
timwhitez / crawlergo_x_XRAY
View on GitHub
360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
☆1,183Nov 10, 2021Updated 4 years ago
threedr3am / JSP-WebShells
View on GitHub
Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
☆1,404Jan 18, 2022Updated 4 years ago
zu1k / xray-crack
View on GitHub
xray社区高级版证书生成，仅供学习研究，正常使用请支持正版。removed due to Chaitin requirements & support to version 1.4.4 & learning purpose
☆443Nov 11, 2020Updated 5 years ago
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,016Oct 15, 2020Updated 5 years ago
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,012May 21, 2024Updated last year
r0eXpeR / redteam_vul
View on GitHub
红队作战中比较常遇到的一些重点系统漏洞整理。
☆2,522Jul 17, 2021Updated 4 years ago
r35tart / RedisWriteFile
View on GitHub
通过 Redis 主从写出无损文件
☆719May 25, 2020Updated 5 years ago
LangziFun / LangSrcCurise
View on GitHub
SRC子域名资产监控
☆1,299Jan 14, 2021Updated 5 years ago
boy-hack / wooyun-payload
View on GitHub
从wooyun中提取的payload，以及burp插件
☆842Jun 17, 2022Updated 3 years ago
hudunkey / Red-Team-links
View on GitHub
2019年红队资源链接，资源不是本人整理出来，来自互联网，因为流传的少，特意在此做个备份，做个分享。
☆839Aug 24, 2019Updated 6 years ago
inbug-team / InScan
View on GitHub
边界打点后的自动化渗透工具
☆1,891Jul 19, 2021Updated 4 years ago
jiangsir404 / POC-S
View on GitHub
POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞，对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC
☆357Mar 12, 2020Updated 5 years ago
threedr3am / learnjavabug
View on GitHub
Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…
☆2,689Mar 14, 2024Updated last year
Y4er / fastjson-bypass-autotype-1.2.68
View on GitHub
fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
☆229Oct 12, 2022Updated 3 years ago
aleenzz / MSSQL_SQL_BYPASS_WIKI
View on GitHub
MSSQL注入提权,bypass的一些总结
☆737Jun 25, 2024Updated last year
c0ny1 / chunked-coding-converter
View on GitHub
Burp suite 分块传输辅助插件
☆2,022Feb 23, 2022Updated 4 years ago
lengjibo / RedTeamTools
View on GitHub
记录自己编写、修改的部分工具
☆1,461Oct 19, 2025Updated 4 months ago
broken5 / WebAliveScan
View on GitHub
对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描
☆915Dec 8, 2022Updated 3 years ago
feihong-cs / ShiroExploit-Deprecated
View on GitHub
Shiro550/Shiro721 一键化利用工具，支持多种回显方式
☆1,950Jun 4, 2021Updated 4 years ago
CTF-MissFeng / bayonet
View on GitHub
bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
☆1,507Nov 22, 2022Updated 3 years ago
threedr3am / tomcat-cluster-session-sync-exp
View on GitHub
tomcat使用了自带session同步功能时，不安全的配置（没有使用EncryptInterceptor）导致存在的反序列化漏洞，通过精心构造的数据包，可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484，9484…
☆212May 19, 2020Updated 5 years ago
c0ny1 / FastjsonExploit
View on GitHub
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
☆1,389Dec 16, 2022Updated 3 years ago
LandGrey / webshell-detect-bypass
View on GitHub
绕过专业工具检测的Webshell研究文章和免杀的Webshell
☆1,733Nov 15, 2020Updated 5 years ago
thunderbarca / Caesar
View on GitHub
一个全新的敏感文件发现工具
☆225Jan 10, 2021Updated 5 years ago
al0ne / Nmap_Bypass_IDS
View on GitHub
Nmap&Zmap特征识别，绕过IDS探测
☆329Aug 1, 2019Updated 6 years ago
c0ny1 / passive-scan-client
View on GitHub
Burp被动扫描流量转发插件
☆1,459Jun 17, 2024Updated last year
dr0op / WeblogicScan
View on GitHub
增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618，CVE-2019-2729检测，Python3支持
☆968Jun 16, 2024Updated last year
FunnyWolf / pystinger
View on GitHub
Bypass firewall for traffic forwarding using webshell
☆1,430Sep 29, 2021Updated 4 years ago
LandGrey / domainNamePredictor
View on GitHub
一个简单的现代化公司域名使用规律预测及生成工具
☆388Feb 24, 2022Updated 4 years ago
chennqqi / godnslog
View on GitHub
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
☆469Sep 16, 2023Updated 2 years ago
zhzyker / exphub
View on GitHub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、…
☆4,273Apr 4, 2021Updated 4 years ago
r35tart / Penetration_Testing_Case
View on GitHub
用于记录分享一些有趣的案例
☆866Jan 10, 2022Updated 4 years ago
ac0d3r / Hyuga
View on GitHub
Hyuga is a tool for monitoring Out-of-Band (OOB) traffic, supporting DNS, HTTP, LDAP, RMI, and DNS-Rebinding。🪤
☆538Dec 27, 2025Updated 2 months ago
taielab / Taie-Bugbounty-killer
View on GitHub
挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。
☆422Nov 17, 2020Updated 5 years ago
Echocipher / AUTO-EARN
View on GitHub
一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
☆738Dec 8, 2022Updated 3 years ago
cvkki / src
View on GitHub
日常src平台域名收集
☆594Jul 11, 2019Updated 6 years ago
LandGrey / ClassHound
View on GitHub
利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码
☆711May 10, 2021Updated 4 years ago