This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.
☆132Feb 4, 2026Updated last month
Alternatives and similar repositories for GMSGadget
Users that are interested in GMSGadget are comparing it to the libraries listed below
Sorting:
- ☆31Jan 31, 2026Updated last month
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆777Dec 9, 2025Updated 3 months ago
- ☆50Aug 2, 2025Updated 7 months ago
- Easily create and share Proof of Concepts in HTML, JavaScript, etc. with custom headers, all via query parameters☆13Oct 1, 2025Updated 5 months ago
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆48Aug 31, 2025Updated 6 months ago
- An exploit farm for attack/defense CTFs.☆28Feb 14, 2026Updated 3 weeks ago
- ☆124Dec 6, 2023Updated 2 years ago
- A collection of pyjails!☆28Dec 15, 2025Updated 2 months ago
- Useful configurations for the DomLogger++ extension☆48Sep 7, 2024Updated last year
- Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickj…☆14Sep 4, 2025Updated 6 months ago
- OAuch is an open-source security best practices and threats analyzer for OAuth 2.0 authorization server implementations☆13Sep 4, 2025Updated 6 months ago
- This tool allows to automatically test for Content Security Policy bypass payloads.☆44Sep 4, 2024Updated last year
- This is the data that powers the PortSwigger URL validation bypass cheat sheet.☆59Feb 5, 2026Updated last month
- CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scr…☆609Updated this week
- ☆20Apr 10, 2025Updated 10 months ago
- Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.☆227Jul 24, 2025Updated 7 months ago
- A collection of js analysis tools & scripts.☆19Mar 1, 2026Updated last week
- Powershell Based tool for gathering information related to O365 intrusions and potential Breaches☆17Dec 29, 2024Updated last year
- Differential testing framework for HTTP implementations☆926Jan 21, 2026Updated last month
- A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage…☆121Sep 12, 2025Updated 5 months ago
- Nuclei templates to run on urls☆17Sep 14, 2023Updated 2 years ago
- Read & write JavaScript values from Python with the V8 serialization format.☆19Sep 30, 2025Updated 5 months ago
- Fast exfiltration of text using only CSS and Ligatures☆89Sep 3, 2025Updated 6 months ago
- Finds graphql queries in javascript files☆69May 18, 2024Updated last year
- This repository encompasses sources and official writeups for N0PSctf 2025.☆21Jun 27, 2025Updated 8 months ago
- A Discord Bot that announces your members' HTB solves.☆18Apr 19, 2024Updated last year
- King-of-the-Hill game for the 2nd International Cybersecurity Challenge @ San Diego, California USA☆15Aug 9, 2023Updated 2 years ago
- ☆21Sep 12, 2025Updated 5 months ago
- This tool automates and facilitates an AES CBC BitFlip attack☆18Jan 17, 2024Updated 2 years ago
- Python's library written in Rust to quickly factor `n = pq` when around >50% bits of `p` and `q` are known which are distributed at rando…☆19Jul 16, 2021Updated 4 years ago
- ☆79Mar 26, 2024Updated last year
- CTFd plugin allowing for individual Docker containers per team☆23Jan 15, 2026Updated last month
- A CLI to exploit parameters vulnerable to PHP filter chain error based oracle.☆325Jun 2, 2024Updated last year
- 🐣 web3 CTF tool based on web3.py☆45Jan 13, 2026Updated last month
- ☆88Sep 20, 2024Updated last year
- Challenges I created for CTF competitions.☆243Dec 28, 2025Updated 2 months ago
- My CTF challenges, especially cryptography☆25Mar 4, 2025Updated last year
- Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code☆96Dec 22, 2024Updated last year
- Udemy – Linux Heap Exploitation☆54Jun 14, 2021Updated 4 years ago