Demo of various ways to exploit post based reflected XSS
☆18Jul 6, 2023Updated 2 years ago
Alternatives and similar repositories for postBasedXSS
Users that are interested in postBasedXSS are comparing it to the libraries listed below
Sorting:
- A Multi-Processing Tool for collecting and extracting information to an Excel file from a Burp Suite output file.☆10Apr 8, 2024Updated last year
- JavaScript functions intended to be used as an XSS payload against a WordPress admin account.☆56Oct 6, 2020Updated 5 years ago
- dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-facto…☆43Apr 23, 2024Updated last year
- Simple PoC for demonstrating Race Conditions on Websockets☆54Sep 14, 2023Updated 2 years ago
- KERnano: The No-install Python Pen Testing kit. (Windows & Linux)☆13Sep 2, 2022Updated 3 years ago
- Mine URLs from Browser's Heap Snapshot for fun and profit☆64Aug 9, 2023Updated 2 years ago
- Get all AD objects which are hidden from you☆18Aug 21, 2017Updated 8 years ago
- Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability☆62Jun 12, 2023Updated 2 years ago
- ☆40Sep 21, 2025Updated 6 months ago
- ☆17Jan 9, 2025Updated last year
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Sep 22, 2023Updated 2 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆40Feb 26, 2021Updated 5 years ago
- A chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs☆75Jun 12, 2025Updated 9 months ago
- POC Pdf-exploit builder on C#☆13Mar 1, 2024Updated 2 years ago
- A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing☆143Jun 27, 2023Updated 2 years ago
- This Burp Suite extension enables the generation of shareable links to specific requests which other Burp Suite users can import.☆12May 20, 2022Updated 3 years ago
- Proof of Concept in Go from Secureworks' research on Azure Active Directory Brute-Force Attacks. Inspired by @treebuilder's POC on PowerS…☆14Feb 23, 2022Updated 4 years ago
- ☆21Mar 7, 2024Updated 2 years ago
- MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts☆82Feb 4, 2023Updated 3 years ago
- Oneliner Bug Bounty Collection collected from GitHub to all bug bounty hunters☆36Dec 12, 2023Updated 2 years ago
- Course materials for LOL's Free Web Security Class☆27Apr 22, 2025Updated 11 months ago
- Archived Please go to https://github.com/adamjsturge/xsshunter-go☆31Mar 7, 2024Updated 2 years ago
- This extension redacts potentially sensitive header and parameter values from requests using Shannon Entropy analysis.☆13Dec 29, 2020Updated 5 years ago
- 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️☆227May 22, 2023Updated 2 years ago
- A Burp Extension to test applications for vulnerability to the Web Cache Deception attack☆27Nov 23, 2017Updated 8 years ago
- ☆11Feb 8, 2021Updated 5 years ago
- [ACL 2025] LongSafety: Evaluating Long-Context Safety of Large Language Models☆16Jun 18, 2025Updated 9 months ago
- In 'n Out - See what goes in and comes out of PEs☆35May 12, 2022Updated 3 years ago
- POC of CVE-2025-7783☆31Oct 31, 2025Updated 4 months ago
- Launch your SOC as fast as a rocket with only one command☆12Feb 17, 2025Updated last year
- JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the target…☆421Jan 31, 2026Updated last month
- Python 3 alternative command line interface for AWS Route 53; enables simple record management and dynamic DNS☆11Feb 27, 2026Updated 3 weeks ago
- The Frida Scripts Fetcher & Exploiter tool helps you search and use those scripts to exploit based on the provided search keyword.☆18Aug 5, 2023Updated 2 years ago
- Hadoken: A versatile Active Directory pentesting tool engineered to identify vulnerabilities and streamline security assessments.☆46Oct 26, 2025Updated 4 months ago
- Make exploiting race conditions in web applications highly efficient and ease-of-use.☆27Jun 18, 2025Updated 9 months ago
- The following package is the standalone wordlist-only component to flask-unsign.☆43Jun 15, 2024Updated last year
- ☆95Sep 18, 2021Updated 4 years ago
- An extension to use Semgrep inside Burp Suite.☆88May 23, 2025Updated 9 months ago
- Recreate a Webpack project just by providing an URL.☆11Jan 4, 2023Updated 3 years ago