List of Challenges: ~ Chall 1 | URL ~ Chall 2 | Form ~ Chall 3 | User-Agent ~ Chall 4 | Referrer ~ Chall 5 | Cookie ~ Chall 6 | LocalStorage ~ Chall 7 | Login Page ~ Chall 8 | File Upload ~ Chall 9 | Base64 Encoding ~ Chall 10 | Removes Alert ~ Chall 11 | Removes Script ~ Chall 12 | Preg_replace ~ Chall 13 | HTML Entities ~ Chall 14 | Regex Filter #1 ~ Chall 15 | Regex Filter #2 ~ Chall 16 | Regex Filter #3 ~ Chall 17 | HTML Entities + URL Encode ~ Chall 18 | HTML Entities #2 (Special Character) ~ Chall 19 | HTML Entities #3 (Input Value) ~ Chall 20 | HTML Entities #4 (Input Value + Capitalizes) Screenshot: Instalation: Run your web server (XAMPP / LAMPP) Clone the repository and put the files in the /htdocs/xss-labs You can access http://localhost:8080/xss-labs Happy Hacking ^_^ Run this image: To run this image you need docker installed. Just run the command: docker run --name web-ctf -d -it -p 80:80 hightechsec/xsslabs Deploy Manually Docker image: Clone this repo (git clone https://github.com/tegal1337/0l4bs) Then run docker build -t "xsslabs" . and wait until it's done If the build is clear, run this command
FEATURES
ALTERNATIVES
SAST and malware analysis tool for Android APKs with detailed scan information.
An integrated application security platform that combines software composition analysis, container scanning, and runtime security monitoring to identify and prioritize vulnerabilities based on actual usage and risk.
An API security platform that discovers, documents, and tests APIs throughout the development lifecycle while maintaining a centralized catalog of all API assets.
Akamai App & API Protector is an integrated security solution that safeguards web applications and APIs against various cyber threats using edge computing and adaptive technologies.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
A serverless application that demonstrates common serverless security flaws and weaknesses
An application security platform that combines API discovery, multiple security testing methodologies, and continuous monitoring to protect modern applications throughout their development lifecycle.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.