DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

151 -1

14,021 +40

726 +3

BadLibrary by SecureSkyTechnology

vulnerable web application for training

created at Dec. 13, 2017, 6:43 a.m.

19 +0

58 +0

7 +0

CyberChef by gchq

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

created at Nov. 28, 2016, 10:34 a.m.

390 +0

29,267 +96

3,280 +13

reverse-shell by lukechilds

Reverse Shell as a Service

created at Sept. 13, 2017, 11:38 a.m.

31 +0

1,852 +0

234 +0

bXSS by LewisArdern

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

created at Dec. 13, 2017, 11:49 p.m.

14 +0

518 +5

64 +0

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +0

637 +0

88 +0

malware-jail by HynekPetrak

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

created at Jan. 10, 2016, 10:41 p.m.

46 +0

460 +0

100 +0

retire.js by RetireJS

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

created at Aug. 30, 2013, 9:43 p.m.

83 -1

3,692 +6

417 +0

xssor2 by evilcos

XSS'OR - Hack with JavaScript.

created at June 25, 2017, 6:32 a.m.

94 +0

2,129 +0

381 +0

H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

created at March 28, 2014, 8:42 a.m.

153 +0

2,857 +3

420 +0

AwesomeXSS by UltimateHackers

Awesome XSS stuff

created at March 11, 2018, 2:35 p.m.

239 +0

4,786 +6

767 +1

beef by beefproject

The Browser Exploitation Framework Project

created at Nov. 23, 2011, 6:53 a.m.

444 -1

9,856 +18

2,180 +1

singularity by nccgroup

A DNS rebinding attack framework.

created at June 5, 2018, 9:04 p.m.

33 +0

1,036 +3

138 +0

dns-rebind-toolkit by brannondorsey

A front-end JavaScript toolkit for creating DNS rebinding attacks.

created at June 19, 2018, 2:06 a.m.

24 +0

485 +0

93 +0

whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

created at April 1, 2018, 12:11 a.m.

22 +0

627 +1

88 +0

dref by mwrlabs

DNS Rebinding Exploitation Framework

created at June 26, 2018, 10:09 a.m.

25 +0

481 +0

71 +0