8,965 tools
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
A bash script for scanning a target network for HTTP resources through XXE
A bash script for scanning a target network for HTTP resources through XXE
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.
A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.