CyberChef by gchq

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

created at Nov. 28, 2016, 10:34 a.m.

379 -1

25,574 +94

2,951 +10

DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

153 +1

12,816 +41

671 +5

beef by beefproject

The Browser Exploitation Framework Project

created at Nov. 23, 2011, 6:53 a.m.

438 +1

9,380 +11

2,056 +6

AwesomeXSS by UltimateHackers

Awesome XSS stuff

created at March 11, 2018, 2:35 p.m.

240 -1

4,641 -2

758 +2

retire.js by RetireJS

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

created at Aug. 30, 2013, 9:43 p.m.

87 +0

3,517 +10

412 +0

H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

created at March 28, 2014, 8:42 a.m.

154 +0

2,818 -1

418 +0

xssor2 by evilcos

XSS'OR - Hack with JavaScript.

created at June 25, 2017, 6:32 a.m.

95 +0

2,096 +1

378 +0

reverse-shell by lukechilds

Reverse Shell as a Service

created at Sept. 13, 2017, 11:38 a.m.

33 +0

1,784 +2

231 +0

singularity by nccgroup

A DNS rebinding attack framework.

created at June 5, 2018, 9:04 p.m.

32 +0

973 +5

136 +1

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +1

634 +0

101 +0

whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

created at April 1, 2018, 12:11 a.m.

22 +0

611 +0

102 +0

bXSS by LewisArdern

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

created at Dec. 13, 2017, 11:49 p.m.

14 +0

483 +1

69 +0

dns-rebind-toolkit by brannondorsey

A front-end JavaScript toolkit for creating DNS rebinding attacks.

created at June 19, 2018, 2:06 a.m.

24 +0

482 +0

93 +0

dref by mwrlabs

DNS Rebinding Exploitation Framework

created at June 26, 2018, 10:09 a.m.

25 +0

481 -1

71 +0

malware-jail by HynekPetrak

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

created at Jan. 10, 2016, 10:41 p.m.

46 +0

453 +0

99 +1

BadLibrary by SecureSkyTechnology

vulnerable web application for training

created at Dec. 13, 2017, 6:43 a.m.

20 +0

57 +0

7 +0