Application Security for Xss

Essential tools and best practices for securing software applications throughout their lifecycle. Task: XssExplore 31 curated tools and resources

Search by name, description, or purpose... (⌘+K)

PINNED

Promoted • 6 tools

Proton Pass

Commercial

Data Protection

NordVPN

Commercial

Network Security

Mandos

Commercial

Consulting

Checkmarx SCA

Commercial

Application Security

Orca Security

Commercial

Cloud Security

DryRun

Commercial

Application Security

Want your tool featured here?

Get maximum visibility with pinned placement

LATEST ADDITIONS

Node.js Goof
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
0
Free
Application Security
Nodejs
Vulnerable App
Application Security
Educational
Xss
Code Injection
Open Redirect
Lfi
Docker
Vulnerability Testing
Security Testing
Node.js Goof
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
0
Free
Application Security
Nodejs
Vulnerable App
Application Security
+8
Dalfox
Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.
0
Free
Application Security
Xss
Xss Scanner
Vulnerability Scanner
Web Security
Web Application Security
Automation
Penetration Testing
Security Scanning
Open Source
Application Security
Dalfox
Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.
0
Free
Application Security
Xss
Xss Scanner
Vulnerability Scanner
+7
DOMdig
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
0
Free
Application Security
Xss
Xss Scanner
Application Security
Web Application Security
Vulnerability Scanner
Static Analysis
Dynamic Analysis
Fuzzing
Penetration Testing
DOMdig
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
0
Free
Application Security
Xss
Xss Scanner
Application Security
+6
XSSwagger
A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.
0
Free
Application Security
Xss
Vulnerability Scanner
Api Security
Web Application Security
Security Scanning
Vulnerability Detection
Application Security
Web Security
Scanner
Security Assessment
XSSwagger
A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.
0
Free
Application Security
Xss
Vulnerability Scanner
Api Security
+7
Femida
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
0
Free
Application Security
Blind Xss
Xss
Burp Suite
Python
Automation
Web Application Security
Vulnerability Scanner
Penetration Testing
Open Source
Cli Tool
Femida
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
0
Free
Application Security
Blind Xss
Xss
Burp Suite
+7
xssValidator
A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.
0
Free
Application Security
Xss
Burp Suite
Vulnerability Scanner
Web Application Security
Payload Generation
Automation
Penetration Testing
Vulnerability Detection
Security Testing
Appsec
xssValidator
A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.
0
Free
Application Security
Xss
Burp Suite
Vulnerability Scanner
+7
ParamPamPam
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
0
Free
Application Security
Web App Security
Vulnerability Scanner
Sql Injection
Xss
Fuzzing
Penetration Testing
Open Source
Github
Web Security
Exploitation
ParamPamPam
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
0
Free
Application Security
Web App Security
Vulnerability Scanner
Sql Injection
+7
DOMXSS Scanner
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
0
Free
Application Security
Xss
Vulnerability Scanning
Source Code Analysis
Web Security
Security Testing
DOMXSS Scanner
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
0
Free
Application Security
Xss
Vulnerability Scanning
Source Code Analysis
+2
XSS'OR
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
0
Free
Application Security
Xss
Javascript
XSS'OR
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
0
Free
Application Security
Xss
Javascript
FuzzDB
FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.
0
Free
Application Security
Application Security
Vulnerability Testing
Penetration Testing
Web Security
Sql Injection
Xss
Fuzzing
Security Testing
Open Source
Vulnerability Scanner
FuzzDB
FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.
0
Free
Application Security
Application Security
Vulnerability Testing
Penetration Testing
+7
Vuldroid
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
0
Free
Application Security
Android
Vulnerable App
Educational
Mobile Security
Android Security
Appsec
Training
Xss
Application Security
Security Training
Vuldroid
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
0
Free
Application Security
Android
Vulnerable App
Educational
+7
Rexsser
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
0
Free
Application Security
Burp Suite
Xss
Xss Scanner
Plugin
Vulnerability Scanner
Web Application Security
Regex
Open Source
Vulnerability Detection
Rexsser
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
0
Free
Application Security
Burp Suite
Xss
Xss Scanner
+6
Hackazon
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
0
Free
Application Security
Vulnerable Applications
Application Security
Penetration Testing
Security Testing
Web App Security
Sql Injection
Xss
Api
Mobile Security
Educational
Hackazon
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
0
Free
Application Security
Vulnerable Applications
Application Security
Penetration Testing
+7
MCIR
MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.
0
Free
Application Security
Application Security
Vulnerability Testing
Code Injection
Sql Injection
Xss
Framework
Testing
Appsec
Vulnerable Applications
Security Testing
MCIR
MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.
0
Free
Application Security
Application Security
Vulnerability Testing
Code Injection
+7
Naxsi
NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.
0
Free
Application Security
Web Application Firewall
Nginx
Xss
Sql Injection
Web Security
Application Security
Waf
Web App Security
Rule Based
Naxsi
NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.
0
Free
Application Security
Web Application Firewall
Nginx
Xss
+6
Securibench Micro
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
0
Free
Application Security
Application Security
Vulnerability Testing
Static Analysis
Penetration Testing
Sql Injection
Xss
Vulnerable Apps
Security Testing
Benchmark
Securibench Micro
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
0
Free
Application Security
Application Security
Vulnerability Testing
Static Analysis
+6
Xtreme Vulnerable Web Application (XVWA)
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
0
Free
Application Security
Vulnerable App
Application Security
Web App Security
Educational
Php
Mysql
Sql Injection
Xss
Csrf
Ssrf
File Inclusion
Training
Security Testing
Xtreme Vulnerable Web Application (XVWA)
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
0
Free
Application Security
Vulnerable App
Application Security
Web App Security
+10
@fastify/helmet
A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.
0
Free
Application Security
Application Security
Web Security
Fastify
Nodejs
Http Headers
Middleware
Web Application Security
Xss
Javascript
@fastify/helmet
A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.
0
Free
Application Security
Application Security
Web Security
Fastify
+6
Nuxt Security
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
0
Free
Application Security
Application Security
Web Security
Owasp
Xss
Csrf
Cors
Csp
Nodejs
Javascript
Middleware
Web Application Security
Nuxt Security
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
0
Free
Application Security
Application Security
Web Security
Owasp
+8
N-Stalker
A web security tool that scans for vulnerabilities and known attacks.
0
Free
Application Security
Appsec
Devsecops
Vulnerability Scanning
Web Security
Xss
Sql Injection
N-Stalker
A web security tool that scans for vulnerabilities and known attacks.
0
Free
Application Security
Appsec
Devsecops
Vulnerability Scanning
+3
DOMPurify
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
0
Free
Application Security
Xss
Security
Javascript
Nodejs
DOMPurify
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
0
Free
Application Security
Xss
Security
Javascript
+1
Cyclops
A browser with XSS detection capabilities
0
Free
Application Security
Xss
Browser
Security Testing
Web Security
Windows
Cyclops
A browser with XSS detection capabilities
0
Free
Application Security
Xss
Browser
Security Testing
+2
XSSer
Automatic tool for pentesting XSS attacks against different applications
0
Free
Application Security
Xss
Pentesting
Web App Security
Vulnerability Scanning
Security Research
XSSer
Automatic tool for pentesting XSS attacks against different applications
0
Free
Application Security
Xss
Pentesting
Web App Security
+2
damnvulnerable.me
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
0
Free
Application Security
Vulnerable App
Web Security
Xss
Csrf
Penetration Testing
Educational
Security Testing
Web Application Security
Vulnerable Applications
damnvulnerable.me
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
0
Free
Application Security
Vulnerable App
Web Security
Xss
+6

Application Security for Xss

RELATED TASKS

PINNED

LATEST ADDITIONS

Node.js Goof

Node.js Goof

Dalfox

Dalfox

DOMdig

DOMdig

XSSwagger

XSSwagger

Femida

Femida

xssValidator

xssValidator

ParamPamPam

ParamPamPam

DOMXSS Scanner

DOMXSS Scanner

XSS'OR

XSS'OR

FuzzDB

FuzzDB

Vuldroid

Vuldroid

Rexsser

Rexsser

Hackazon

Hackazon

MCIR

MCIR

Naxsi

Naxsi

Securibench Micro

Securibench Micro

Xtreme Vulnerable Web Application (XVWA)

Xtreme Vulnerable Web Application (XVWA)

@fastify/helmet

@fastify/helmet

Nuxt Security

Nuxt Security

N-Stalker

N-Stalker

DOMPurify

DOMPurify

Cyclops

Cyclops

XSSer

XSSer

damnvulnerable.me

damnvulnerable.me