Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
☆151Dec 7, 2022Updated 3 years ago
Alternatives and similar repositories for xssmap
Users that are interested in xssmap are comparing it to the libraries listed below
Sorting:
- Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple…☆24Dec 16, 2022Updated 3 years ago
- Tool to find stored robots.txt files from the past☆19Jun 4, 2023Updated 2 years ago
- Maintaining account persistence via XSS and Oauth☆77Jan 7, 2019Updated 7 years ago
- A Multi-Processing Tool for collecting and extracting information to an Excel file from a Burp Suite output file.☆10Apr 8, 2024Updated last year
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.☆566Mar 4, 2023Updated 3 years ago
- This script scrapes the list of open Bug Bounty Programs from openbugbounty.org☆28Mar 22, 2022Updated 3 years ago
- AV Bypass☆29Jan 12, 2018Updated 8 years ago
- ftpknocker is a multi-threaded scanner for finding anonymous FTP servers☆41Jul 20, 2025Updated 7 months ago
- Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs☆94Jan 21, 2021Updated 5 years ago
- Cross-Site Scripting (XSS) scanner. This tool helps to find possible XSS vulnerabilities. Cross platform - macOS, Linux, and Windows.☆11Mar 19, 2017Updated 8 years ago
- ☆27Mar 18, 2020Updated 5 years ago
- Automate the creation of Backdoors and postexplotation activities☆23Jun 20, 2022Updated 3 years ago
- A fast DOM based XSS vulnerability scanner with simplicity.☆855Sep 30, 2022Updated 3 years ago
- A simple script to detect unescaped characters in a web application for e.g. Cross Site Scripting (XSS) attacks.☆10Aug 20, 2020Updated 5 years ago
- A few SQL and XSS attack tools☆39Dec 17, 2019Updated 6 years ago
- A framework for automating penetration testing using a plugin based architecture☆41May 20, 2022Updated 3 years ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.☆2,244Jan 8, 2026Updated last month
- ☆332Jan 8, 2018Updated 8 years ago
- Some contributions in the nuclei-templates repository☆62Jun 18, 2022Updated 3 years ago
- A simple SSRF-testing sheriff written in Go☆336Oct 31, 2024Updated last year
- A simple way of sending messages from the CLI output to your Discord channel with webhook.☆36Mar 2, 2022Updated 4 years ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.☆427Feb 20, 2026Updated last week
- Runs sshd as a unprivileged user for persistence☆11Jun 23, 2019Updated 6 years ago
- Modifed PowerSploit/PowerView to search files and match RegEx for Sensitive info (PII, PCI, Passwords, Usernames, SNMP Strings, etc.)☆14Aug 1, 2018Updated 7 years ago
- DOM XSS scanner for Single Page Applications☆415Nov 15, 2025Updated 3 months ago
- Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations☆58Jul 26, 2020Updated 5 years ago
- ☆128Sep 2, 2019Updated 6 years ago
- Automating XSS using Bash☆362Jan 27, 2026Updated last month
- A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.☆519Jun 22, 2022Updated 3 years ago
- PwnXSS: Vulnerability (XSS) scanner exploit☆810Dec 30, 2022Updated 3 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,285Aug 18, 2025Updated 6 months ago
- A tool to check a bunch of URLs that contain reflecting params.☆598Aug 4, 2024Updated last year
- CVE-2017-9506 - SSRF☆190Feb 14, 2022Updated 4 years ago
- jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()…☆11Apr 9, 2021Updated 4 years ago
- Obtain the (revocation) status of an X.509 certificate.☆16Feb 10, 2026Updated 3 weeks ago
- Python Scanner and Exploiter of Remote File Inclusion Vulnerabilitie☆13Jan 6, 2022Updated 4 years ago
- Customisable and automated HTTP header injection☆270Jun 27, 2024Updated last year
- BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities☆118Dec 23, 2025Updated 2 months ago