small set of scripts to practice exploit XSS and CSRF vulnerabilities
☆66Dec 22, 2017Updated 8 years ago
Alternatives and similar repositories for xss-labs
Users that are interested in xss-labs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Lab for exploring SSRF vulnerabilities☆247May 30, 2021Updated 4 years ago
- Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature☆38Nov 8, 2017Updated 8 years ago
- My collection of exploit development skeletons for fuzzing, overwriting the stack, remote code execution, etc.☆16Mar 19, 2025Updated last year
- A simple web app with a XXE vulnerability.☆232Nov 10, 2021Updated 4 years ago
- 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo☆816Nov 28, 2022Updated 3 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- A set of XSS vulnerable PHP scripts for testing☆39Feb 10, 2013Updated 13 years ago
- XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in H…☆24Jul 23, 2014Updated 11 years ago
- Python tool for expired domain discovery in crossdomain.xml files☆23Feb 21, 2017Updated 9 years ago
- Convert your masscan/subdomain-scan results (80,443,8080) into screenshots for better analysis☆36Jul 10, 2018Updated 7 years ago
- Generates Flash based CORS CSRF Proof of Concepts that can be sent directly to clients☆14Jul 3, 2013Updated 12 years ago
- small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns☆338Apr 8, 2024Updated last year
- 在Sublist3r基础上优化一个python工具,用于枚举使用OSINT的网站的子域。它有助于渗透测试人员和漏洞猎手收集并收集他们所针对的域名的子域名。Sublist3r使用Google,Yahoo,Bing,百度和Ask等许多搜索引擎来枚举子域名。Sublist3r还使…☆13May 14, 2018Updated 7 years ago
- ☆30Sep 1, 2022Updated 3 years ago
- DNS域传送漏洞探测工具。多线程,批量探测,漏洞利用,简单网页采集。(DNS zone transfer vulnerability Vulnerability detection tool, support multithreading,batch scanning an…☆51Mar 11, 2016Updated 10 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- The Hunt for Malicious Strings☆13Oct 8, 2020Updated 5 years ago
- JitterBug passively searches for Basic Info, open ports, potential CVE's on the given Target IP in third party databases without Direct i…☆13Sep 29, 2021Updated 4 years ago
- A lightweight red teaming platform utilizing concurrent nmap scans to populate a collaborative web server.☆23Feb 22, 2026Updated last month
- ISR-sqlget It's a blind SQL injection tool developed in Perl.☆14Apr 26, 2013Updated 12 years ago
- Spring-Boot app for demonstrating security vulnaribilities☆13Aug 21, 2019Updated 6 years ago
- This is sample code to demonstrate how one can use SQL Injection vulnerability to download local file from server in specific condition. …☆42Mar 14, 2017Updated 9 years ago
- WackoPicko is a vulnerable web application used to test web application vulnerability scanners.☆348May 25, 2024Updated last year
- "HeaderScan" Burp Plugin☆16Apr 26, 2014Updated 11 years ago
- an image bot that exploits png transparency quirks.☆10May 24, 2018Updated 7 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Removes duplicate entries from a file, resulting in only unique parameter combinations. Useful for parsing waybackurls and making recon m…☆11May 31, 2020Updated 5 years ago
- PassWord List Maker☆17Oct 29, 2018Updated 7 years ago
- Local enumeration and exploitation framework.☆18Aug 16, 2017Updated 8 years ago
- A small python script to check for Cross-Site Tracing (XST)☆133Jan 23, 2016Updated 10 years ago
- Lab set-up for learning SQL Injection Techniques☆101Dec 6, 2020Updated 5 years ago
- Vulnerable web application☆81Feb 17, 2026Updated last month
- Clickjacking Proof-of-Concept Exploit☆25Oct 1, 2020Updated 5 years ago
- BurpSuite Pro Python Extension☆18Jul 11, 2013Updated 12 years ago
- Fimap post-exploitation plugin that injects dave Rel1k's AES HTTP Reverse Shell☆16Apr 16, 2014Updated 11 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- TomcatBrute tool☆12Nov 4, 2016Updated 9 years ago
- This is a basic example of how to search into Shodan using the ShodanAPI.☆16Jan 19, 2014Updated 12 years ago
- PHP synthetic test cases generator☆10Oct 15, 2023Updated 2 years ago
- Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple…☆24Dec 16, 2022Updated 3 years ago
- Sample vulnerable code and its exploit code☆190Mar 14, 2021Updated 5 years ago
- 存放一些自己写过的漏洞利用脚本☆48Jul 21, 2019Updated 6 years ago
- A burp extension to generate sqlmap PoC from target HTTP request.☆27Jan 8, 2017Updated 9 years ago