Explore 45 curated tools and resources
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
A tool to find XSS vulnerabilities in web applications
A collection of XSS payloads designed to turn alert(1) into P1
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
A Burp intruder extender for automating and validating XSS vulnerabilities
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A tool for detecting and exploiting vulnerabilities in web applications
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
DOM-based XSS vulnerability scanner
A Burp plugin for identifying potential vulnerabilities in web applications
A free and open source C2 and proxy for penetration testers
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python-based tool for detecting XSS vulnerabilities
A blog about various cybersecurity-related topics, including home networking, compiler development, and security vulnerabilities.
A web security tool that scans for vulnerabilities and known attacks.
A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities
Automatic tool for pentesting XSS attacks against different applications
A deliberately vulnerable modern day app with lots of DOM related bugs
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
Cross-site scripting labs for web application security enthusiasts
A comprehensive cheatsheet for XSS filter evasion techniques.
A categorized collection of bug bounty write-ups for various vulnerabilities.
A tool for testing Cross Site Scripting vulnerabilities
Web-application vulnerability scanner with extensive coverage of security testing modules.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.