Alternatives and similar repositories for XSS-Payloads

Users that are interested in XSS-Payloads are comparing it to the libraries listed below

• s0md3v / AwesomeXSS

  View on GitHub
  Awesome XSS stuff
  ☆5,054Oct 30, 2024Updated last year
• RenwaX23 / XSS-Payloads

  View on GitHub
  List of XSS Vectors/Payloads
  ☆1,360Jan 14, 2026Updated last month
• foospidy / payloads

  View on GitHub
  Git All the Payloads! A collection of web attack payloads.
  ☆3,891May 15, 2023Updated 2 years ago
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,897Sep 27, 2021Updated 4 years ago
• EdOverflow / bugbounty-cheatsheet

  View on GitHub
  A list of interesting payloads, tips and tricks for bug bounty hunters.
  ☆6,373Sep 14, 2023Updated 2 years ago
• trietptm / SQL-Injection-Payloads

  View on GitHub
  SQL Injection Payloads for Burp Suite, OWASP Zed Attack Proxy,...
  ☆243Dec 23, 2019Updated 6 years ago
• mandatoryprogrammer / xsshunter

  View on GitHub
  The XSS Hunter service - a portable version of XSSHunter.com
  ☆1,539Dec 7, 2022Updated 3 years ago
• fuzzdb-project / fuzzdb

  View on GitHub
  Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  ☆8,802Nov 10, 2023Updated 2 years ago
• s0md3v / XSStrike

  View on GitHub
  Most advanced XSS scanner.
  ☆14,735Apr 26, 2025Updated 9 months ago
• ssl / ezXSS

  View on GitHub
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆2,239Jan 8, 2026Updated last month
• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,086Feb 20, 2025Updated 11 months ago
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,360Feb 15, 2025Updated 11 months ago
• tomnomnom / hacks

  View on GitHub
  A collection of hacks and one-off scripts
  ☆2,417Mar 13, 2025Updated 11 months ago
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,479Sep 4, 2025Updated 5 months ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,771Apr 26, 2024Updated last year
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,117Apr 21, 2024Updated last year
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,484Oct 12, 2024Updated last year
• Ice3man543 / SubOver

  View on GitHub
  A Powerful Subdomain Takeover Tool
  ☆962Oct 17, 2023Updated 2 years ago
• LewisArdern / bXSS

  View on GitHub
  bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
  ☆564Mar 4, 2023Updated 2 years ago
• hahwul / XSpear

  View on GitHub
  🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
  ☆1,350Sep 27, 2022Updated 3 years ago
• michenriksen / aquatone

  View on GitHub
  A Tool for Domain Flyovers
  ☆5,896May 22, 2022Updated 3 years ago
• GerbenJavado / LinkFinder

  View on GitHub
  A python script that finds endpoints in JavaScript files
  ☆4,280Apr 13, 2024Updated last year
• tomnomnom / httprobe

  View on GitHub
  Take a list of domains and probe for working HTTP and HTTPS servers
  ☆3,085Jun 22, 2024Updated last year
• maurosoria / dirsearch

  View on GitHub
  Web path scanner
  ☆13,979Updated this week
• xmendez / wfuzz

  View on GitHub
  Web application fuzzer
  ☆6,410Jan 21, 2026Updated 3 weeks ago
• aboul3la / Sublist3r

  View on GitHub
  Fast subdomains enumeration tool for penetration testers
  ☆10,802Aug 2, 2024Updated last year
• swisskyrepo / PayloadsAllTheThings

  View on GitHub
  A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  ☆75,135Feb 2, 2026Updated last week
• owasp-amass / amass

  View on GitHub
  In-depth attack surface mapping and asset discovery
  ☆14,103Updated this week
• terjanq / Tiny-XSS-Payloads

  View on GitHub
  A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
  ☆2,303Nov 29, 2024Updated last year
• epsylon / xsser

  View on GitHub
  Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications…
  ☆1,414Sep 17, 2024Updated last year
• hakluke / weaponised-XSS-payloads

  View on GitHub
  XSS payloads designed to turn alert(1) into P1
  ☆1,388Sep 12, 2023Updated 2 years ago
• maK- / parameth

  View on GitHub
  This tool can be used to brute discover GET and POST parameters
  ☆1,390Aug 24, 2019Updated 6 years ago
• EdOverflow / can-i-take-over-xyz

  View on GitHub
  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
  ☆5,550Feb 8, 2025Updated last year
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,704Dec 1, 2024Updated last year
• gwen001 / pentest-tools

  View on GitHub
  A collection of custom security tools for quick needs.
  ☆3,286May 1, 2023Updated 2 years ago
• 1ndianl33t / Gf-Patterns

  View on GitHub
  GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
  ☆1,396Sep 13, 2024Updated last year
• devanshbatham / ParamSpider

  View on GitHub
  Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
  ☆2,998Jun 24, 2024Updated last year
• haccer / subjack

  View on GitHub
  Subdomain Takeover tool written in Go
  ☆2,026Aug 13, 2023Updated 2 years ago
• tomnomnom / waybackurls

  View on GitHub
  Fetch all the URLs that the Wayback Machine knows about for a domain
  ☆4,309May 1, 2024Updated last year