xss

45 tools and resources

NEW

Node.js Goof Logo

Node.js Goof

0 (0)

Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits

Application Security
Free
appsecnodejsvulnerable-appdockeropen-redirectcode-injectionxsslocal-file-inclusiondirectory-traversalcommand-execution
BruteXSS Logo

BruteXSS

0 (0)

A tool to find XSS vulnerabilities in web applications

Malware Analysis
Free
xssvulnerability-scanningweb-securityweb-application-securitysecurity-testing
weaponised-XSS-payloads Logo

weaponised-XSS-payloads

0 (0)

A collection of XSS payloads designed to turn alert(1) into P1

Malware Analysis
Free
xsspayloadjavascriptsecurity-testing
Vaya-Ciego-Nen Logo

Vaya-Ciego-Nen

0 (0)

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

Malware Analysis
Free
xssblind-xssvulnerability-detectionvulnerability-exploitationsecurity-testingweb-security
xssor2 Logo

xssor2

0 (0)

A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Malware Analysis
Free
xssjavascriptsecurity-testingvulnerability-exploitationweb-app-security
findom-xss Logo

findom-xss

0 (0)

A fast and simple DOM based XSS vulnerability scanner

Malware Analysis
Free
xssscannervulnerabilityproof-of-concept
XSSCon Logo

XSSCon

0 (0)

A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities

Malware Analysis
Free
xssxss-scannerweb-securitypenetration-testingsecurity-research
xss2png Logo

xss2png

0 (0)

A tool to generate a PNG image containing a XSS payload

Honeypots
Free
xssxss-payloadpngsecurity-researcheducational
XSpear Logo

XSpear

0 (0)

A powerful XSS scanning and parameter analysis tool

Offensive Security
Free
xssscanningsecurity-testingvulnerability-scanning
Dalfox Logo

Dalfox

0 (0)

Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Malware Analysis
Free
xssscannerautomationsecurity-researchweb-security
SSRFire Logo

SSRFire

0 (0)

Automated SSRF finder with options for XSS and open redirects

Network Security
Free
ssrfxssopen-redirectvulnerability-scanningweb-app-security
XSStrike Logo

XSStrike

0 (0)

A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Malware Analysis
Free
xssxss-scannerfuzzingpayload-generation
DOMdig Logo

DOMdig

0 (0)

DOM XSS scanner for Single Page Applications

Malware Analysis
Free
appsecappsec-toolxssxss-scanner
XSSOauthPersistence Logo

XSSOauthPersistence

0 (0)

Maintaining account persistence via XSS and Oauth

Offensive Security
Free
xss
XSSwagger Logo

XSSwagger

0 (0)

A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks

Application Security
Free
xssvulnerability-scanningsecurity-auditdevsecopssecurity-testing
Femida Logo

Femida

0 (0)

Automated blind-xss search for Burp Suite

Malware Analysis
Free
appsecburp-suiteblind-xssxsssecurity-researchpenetration-testingpython
docem Logo

docem

0 (0)

A tool to embed XXE and XSS payloads in various file formats

Malware Analysis
Free
xxexss
xssValidator Logo

xssValidator

0 (0)

A Burp intruder extender for automating and validating XSS vulnerabilities

Malware Analysis
Free
appsecxssautomationvulnerability-scanning
extended-xss-search Logo

extended-xss-search

0 (0)

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.

Malware Analysis
Free
xssxss-scannerweb-securityvulnerability-scanning
OWASP Joomla Vulnerability Scanner Logo

OWASP Joomla Vulnerability Scanner

0 (0)

A free and open-source tool for identifying vulnerabilities in Joomla-based websites.

Vulnerability Management
Free
vulnerability-scannersql-injectionxsscsrfweb-app-securityweb-application-security
ParamPamPam Logo

ParamPamPam

0 (0)

A tool for detecting and exploiting vulnerabilities in web applications

Vulnerability Management
Free
appsecapp-securityfuzzingsql-injectionxssweb-app-security
DOMXSS Scanner Logo

DOMXSS Scanner

0 (0)

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

Application Security
Free
xssvulnerability-scanningsource-code-analysisweb-securitysecurity-testing
xsshunter Logo

xsshunter

0 (0)

A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Malware Analysis
Free
xssweb-application-securityvulnerability-scanning
XSS'OR Logo

XSS'OR

0 (0)

Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.

Application Security
Free
xssjavascript
dom-based-xss-finder Logo

dom-based-xss-finder

0 (0)

DOM-based XSS vulnerability scanner

Vulnerability Management
Free
xssweb-application-securityvulnerability-scanningchrome-extension
Rexsser Logo

Rexsser

0 (0)

A Burp plugin for identifying potential vulnerabilities in web applications

Malware Analysis
Free
appsecbug-bountycvesecurity-researchvulnerability-scanningxss
Shadow Workers Logo

Shadow Workers

0 (0)

A free and open source C2 and proxy for penetration testers

Offensive Security
Free
c2proxypenetration-testingxsssecurity-research
Naxsi Logo

Naxsi

0 (0)

A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.

Application Security
Free
appsecnginxweb-securitysql-injectionxssweb-application-security
xssmap Logo

xssmap

0 (0)

A Python-based tool for detecting XSS vulnerabilities

Malware Analysis
Free
xssweb-app-securityweb-securitypython

ircmaxell's Blog

0 (0)

A blog about various cybersecurity-related topics, including home networking, compiler development, and security vulnerabilities.

Blogs and News
Free
networkingphpxssrails
N-Stalker Logo

N-Stalker

0 (0)

A web security tool that scans for vulnerabilities and known attacks.

Application Security
Free
appsecdevsecopsvulnerability-scanningweb-securityxsssql-injection
Acunetix Web Vulnerability Scanner Demo Site Logo

Acunetix Web Vulnerability Scanner Demo Site

0 (0)

A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.

Vulnerability Management
Free
appsecapp-securityvulnerability-scanningweb-app-securitysql-injectionxss
DOMPurify Logo

DOMPurify

0 (0)

DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.

Application Security
Free
xsssecurityjavascriptnodejs
Cyclops Logo

Cyclops

0 (0)

A browser with XSS detection capabilities

Application Security
Free
xssbrowsersecurity-testingweb-securitywindows
Acunetix Web Vulnerability Scanner Logo

Acunetix Web Vulnerability Scanner

0 (0)

A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities

Vulnerability Management
Free
appsecapp-securityweb-app-securitysql-injectionxss
XSSer Logo

XSSer

0 (0)

Automatic tool for pentesting XSS attacks against different applications

Application Security
Free
xsspentestingweb-app-securityvulnerability-scanningsecurity-research
damnvulnerable.me Logo

damnvulnerable.me

0 (0)

A deliberately vulnerable modern day app with lots of DOM related bugs

Application Security
Free
appsecbug-bountycsrfpenetration-testingsecurity-researchweb-securityxss
Xss-Sql-Fuzz Logo

Xss-Sql-Fuzz

0 (0)

A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz

Malware Analysis
Free
burp-suitefuzzingxsssql-injectionpayload-generation

XSS Polyglot Challenge

0 (0)

XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.

Application Security
Free
xssxss-payloadsecurity-testingweb-security
0l4bs Cross-site scripting labs Logo

0l4bs Cross-site scripting labs

0 (0)

Cross-site scripting labs for web application security enthusiasts

Application Security
Free
xssctfweb-securityvulnerable-app

XSS (Cross Site Scripting) Cheatsheet

0 (0)

A comprehensive cheatsheet for XSS filter evasion techniques.

Application Security
Free
xss
Bug Bounty Reference Logo

Bug Bounty Reference

0 (0)

A categorized collection of bug bounty write-ups for various vulnerabilities.

Vulnerability Management
Free
bug-bountyvulnerability-exploitationxssxxercedeserializationcsrf
ezXSS Logo

ezXSS

0 (0)

A tool for testing Cross Site Scripting vulnerabilities

Offensive Security
Free
xsspenetration-testingbug-bountyblind-xss
Wapiti Logo

Wapiti

0 (0)

Web-application vulnerability scanner with extensive coverage of security testing modules.

Vulnerability Management
Free
web-app-securityvulnerability-scanningsql-injectionxsscommand-executionxxe
Paros Logo

Paros

0 (0)

A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.

Vulnerability Management
Free
appsecproxyweb-app-securityvulnerability-assessmentxsssql-injection