8,965 tools
A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.
A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.
A tool for identifying potential security vulnerabilities in web applications
A tool for identifying potential security vulnerabilities in web applications
A collection of XSS payloads designed to turn alert(1) into P1
A collection of XSS payloads designed to turn alert(1) into P1
Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.
Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A front-end JavaScript toolkit for creating DNS rebinding attacks
A front-end JavaScript toolkit for creating DNS rebinding attacks
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.