yeswehack/xsstools

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/yeswehack/xsstools)

yeswehack / xsstools

xss development frameworks, with the goal of making payload writing easier.

☆154

Alternatives and similar repositories for xsstools

Users that are interested in xsstools are comparing it to the libraries listed below

Sorting:

yeswehack / pwn-machine
View on GitHub
PwnMachine is a self hosting solution based on docker aiming to provide an easy to use pwning station for bug hunters.
☆328Jul 31, 2024Updated last year
honoki / bbrf-client
View on GitHub
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
☆641Jul 7, 2025Updated 8 months ago
PatrikFehrenbach / amass-tools
View on GitHub
☆105Oct 18, 2020Updated 5 years ago
honoki / burp-pac-server
View on GitHub
Generate a dynamic PAC script that will route traffic to your Burp proxy only if it matches the scope defined in your Burp target.
☆33Nov 8, 2021Updated 4 years ago
codingo / dooked
View on GitHub
DNS and Target HTTP History Local Storage and Search
☆63Feb 14, 2021Updated 5 years ago
yeswehack / pp-finder
View on GitHub
PP-finder Help you find gadget for prototype pollution exploitation
☆189Aug 8, 2024Updated last year
yeswehack / PwnFox
View on GitHub
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
☆1,295Aug 7, 2024Updated last year
defparam / h1stats
View on GitHub
a tool that compiles a csv of all h1 program stats
☆49Jul 2, 2023Updated 2 years ago
sw33tLie / ugly-scripts
View on GitHub
A collection of scripts for bug-bounty related stuff
☆39Sep 4, 2020Updated 5 years ago
ARPSyndicate / kenzer
View on GitHub
automated web assets enumeration & scanning [DEPRECATED]
☆288Mar 7, 2023Updated 3 years ago
dwisiswant0 / go-stare
View on GitHub
A fast & light web screenshot without headless browser but Chrome DevTools Protocol!
☆185Feb 23, 2026Updated 3 weeks ago
detectify / page-fetch
View on GitHub
Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…
☆529Apr 23, 2025Updated 10 months ago
optiv / mobile-nuclei-templates
View on GitHub
☆437Jun 1, 2021Updated 4 years ago
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,121Apr 29, 2024Updated last year
benso-io / posta
View on GitHub
🐙 Cross-document messaging security research tool powered by https://enso.security
☆301May 22, 2023Updated 2 years ago
bp0lr / gauplus
View on GitHub
☆299Jul 16, 2022Updated 3 years ago
KathanP19 / protoscan
View on GitHub
Prototype Pollution Scanner
☆139Apr 11, 2021Updated 4 years ago
redcode-labs / UnChain
View on GitHub
A tool to find redirection chains in multiple URLs
☆78Jan 1, 2025Updated last year
xnl-h4ck3r / xnLinkFinder
View on GitHub
A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
☆1,532Mar 8, 2026Updated last week
bugcrowd / tipjar
View on GitHub
☆213Jul 3, 2021Updated 4 years ago
RenwaX23 / XSSTRON
View on GitHub
Electron JS Browser To Find XSS Vulnerabilities Automatically
☆748Mar 30, 2021Updated 4 years ago
optionalCTF / SSOh-No
View on GitHub
User enumeration and password spraying tool for testing Azure AD
☆71Mar 3, 2022Updated 4 years ago
Damian89 / extended-ssrf-search
View on GitHub
Smart ssrf scanner using different methods like parameter brute forcing in post and get...
☆279Feb 11, 2021Updated 5 years ago
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆957Dec 31, 2021Updated 4 years ago
geeknik / the-nuclei-templates
View on GitHub
Nuclei templates written by geeknik. Claude is my co-pilot. 🤖
☆296Feb 24, 2026Updated 3 weeks ago
hakluke / haklistgen
View on GitHub
Turns any junk text into a usable wordlist for brute-forcing.
☆227Mar 16, 2024Updated 2 years ago
Dheerajmadhukar / karma_v1
View on GitHub
KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Po…
☆59Sep 6, 2021Updated 4 years ago
hakluke / ----svg-onload-alert---
View on GitHub
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()…
☆11Apr 9, 2021Updated 4 years ago
Static-Flow / BurpSuiteAutoRepeaterNaming
View on GitHub
This extension replaces the default repeater tab name with the URL path of the repeater request.
☆24Sep 3, 2021Updated 4 years ago
BrownBearSec / Utils-and-Wrappers
View on GitHub
A repo for tools, utils, and wrappers that are to small to put in their own repo.
☆23Mar 18, 2023Updated 3 years ago
riramar / h2rs
View on GitHub
Detects request smuggling via HTTP/2 downgrades.
☆94Jul 30, 2022Updated 3 years ago
robre / jsmon
View on GitHub
a javascript change monitoring tool for bugbounties
☆713Jul 31, 2024Updated last year
shelld3v / flydns
View on GitHub
Related subdomains finder
☆28May 18, 2022Updated 3 years ago
redhuntlabs / Log4JHunt
View on GitHub
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
☆45Jan 22, 2025Updated last year
filedescriptor / untrusted-types
View on GitHub
☆695Jul 4, 2022Updated 3 years ago
m4ll0k / BBTz
View on GitHub
BBT - Bug Bounty Tools (examples💡)
☆1,884Apr 5, 2024Updated last year
pry0cc / proteus
View on GitHub
A projectdiscovery driven attack surface monitoring bot powered by axiom
☆189Aug 11, 2022Updated 3 years ago
securitum / research
View on GitHub
research
☆152Mar 21, 2024Updated last year
AlfredBerg / dnsline
View on GitHub
Tool for making it easy to collect dns results from the CLI
☆40Aug 14, 2024Updated last year