AwesomeXSS by UltimateHackers

Awesome XSS stuff

created at March 11, 2018, 2:35 p.m.

240 +0

4,648 +2

757 -1

EyeWitness by RedSiege

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

created at Feb. 26, 2014, 4:23 p.m.

147 +0

4,715 +4

819 +0

js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

created at Sept. 18, 2012, 2:05 p.m.

117 +0

5,107 +1

630 +0

Infosec_Reference by rmusser01

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

created at Sept. 13, 2014, 12:08 a.m.

266 -1

5,363 +1

1,178 -2

aquatone by michenriksen

A Tool for Domain Flyovers

created at Nov. 19, 2015, 11:30 a.m.

135 +0

5,489 +1

864 +0

wfuzz by xmendez

Web application fuzzer

created at Oct. 22, 2014, 9:23 p.m.

168 +0

5,663 +9

1,332 +1

xss-payload-list by payloadbox

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

created at April 23, 2018, 6:09 a.m.

139 +0

5,673 +19

1,580 +2

gitrob by michenriksen

Reconnaissance tool for GitHub organizations

created at Jan. 7, 2015, 1:58 p.m.

154 +0

5,839 +2

823 +0

fuzzdb by fuzzdb-project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

created at Sept. 10, 2015, 5:54 p.m.

367 +0

7,974 +7

2,074 +0

wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

created at July 11, 2012, 8:27 p.m.

264 +0

8,258 +7

1,240 +4

Sublist3r by aboul3la

Fast subdomains enumeration tool for penetration testers

created at Dec. 15, 2015, 12:55 a.m.

233 +0

9,281 +15

2,052 +2

beef by beefproject

The Browser Exploitation Framework Project

created at Nov. 23, 2011, 6:53 a.m.

438 -1

9,406 +10

2,060 +1

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

156 +0

9,589 +31

9,399 +50

prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

created at Aug. 24, 2016, 3:12 p.m.

118 -1

9,618 +40

1,404 +9

webshell by tennc

This is a webshell open source project

created at May 23, 2013, 7:37 a.m.

490 -2

9,791 +4

5,552 +4

Photon by UltimateHackers

Incredibly fast crawler designed for OSINT.

created at March 30, 2018, 7:38 p.m.

322 +0

10,534 +13

1,453 -1

XSStrike by UltimateHackers

Most advanced XSS scanner.

created at June 26, 2017, 7:24 a.m.

274 +0

12,743 +15

1,847 +2

DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

150 -2

12,924 +54

670 -1

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

153 +0

15,336 +28

1,321 +6

nuclei by projectdiscovery

Fast and customizable vulnerability scanner based on simple YAML based DSL.

created at April 3, 2020, 6:47 p.m.

215 +0

17,389 +76

2,256 +9