Application Security for Xss

Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.

A tool to find XSS vulnerabilities in web applications

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

A fast and simple DOM based XSS vulnerability scanner

Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.

DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.

Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.

A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

DOM-based XSS vulnerability scanner

A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.

A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.

MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.

NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.

A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.

A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.

A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.

A web security tool that scans for vulnerabilities and known attacks.

DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.

A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

Curiefense is an application security platform that extends Envoy proxy to protect web applications and APIs against SQL injection, XSS, DDoS, and other common threats.

A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.