payloadbox / xss-payload-list
π― Cross Site Scripting ( XSS ) Vulnerability Payload List
β6,341Updated 3 months ago
Related projects β
Alternatives and complementary repositories for xss-payload-list
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies andβ¦β3,681Updated 3 years ago
- π― SQL Injection Payload Listβ4,971Updated 3 months ago
- π― Command Injection Payload Listβ2,985Updated 3 months ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Toolβ3,784Updated 6 months ago
- HTTP parameter discovery suite.β5,246Updated this week
- A list of interesting payloads, tips and tricks for bug bounty hunters.β5,921Updated last year
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.β8,233Updated 11 months ago
- A Tool for Domain Flyoversβ5,639Updated 2 years ago
- Web application fuzzerβ5,954Updated 2 months ago
- Awesome XSS stuffβ4,778Updated last week
- Scripted Local Linux Enumeration & Privilege Escalation Checksβ7,019Updated last year
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.β4,979Updated 2 weeks ago
- A curated list of amazingly awesome Burp Extensionsβ2,988Updated 3 weeks ago
- Automatic SSRF fuzzer and exploitation toolβ2,986Updated 4 months ago
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.β5,268Updated last month
- In-depth attack surface mapping and asset discoveryβ12,034Updated 3 weeks ago
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β3,753Updated last month
- Fast web fuzzer written in Goβ12,649Updated 4 months ago
- AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.β5,154Updated 4 months ago
- Monitor linux processes without root permissionsβ4,952Updated last year
- Directory/File, DNS and VHost busting tool written in Goβ10,054Updated last week
- File upload vulnerability scanner and exploitation tool.β3,043Updated last year
- "Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.β4,856Updated 3 weeks ago
- Automated All-in-One OS Command Injection Exploitation Tool.β4,591Updated this week
- A python script that finds endpoints in JavaScript filesβ3,717Updated 6 months ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β3,982Updated last week
- Linux enumeration tool for pentesting and CTFs with verbosity levelsβ3,435Updated 10 months ago
- This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.β9,087Updated 2 months ago
- A toolkit for testing, tweaking and cracking JSON Web Tokensβ5,414Updated 3 months ago
- A script that you can run in the background!β2,725Updated 3 months ago