GitLab, the popular web-based DevOps platform, has released urgent security patches to address multiple critical vulnerabilities affecting various versions of its Community Edition (CE) and Enterprise Edition (EE). These vulnerabilities, ranging from high to...
WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...
XSS Vulnerability Scenarios (challenges) This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind the challenges are: Javascript validation bypass html entities bypass WAF bypass Black-list validation bypass Basic...
xsstools xsstools is an xss development framework, with the goal of making payload writing easier. Exfiltrators A collection of exfiltrators is available message: use postMessage get: use fetch GET post: use fetch POST urlencoded...
Totally Insecure Web Application Project (TIWAP) TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web vulnerabilities. Inspired by DVWA, the contributors have tried their...
XSScope Go beyond the alert XSScope is one of the most advanced GUI Frameworks for XSS Client-side attacks. It can perform different XSS attacks and HTML Injections in real-time. Features Perform XSS botnet attack(s)....
Web Information Gathering / Web Vulnerability Analysis
by do son · Published November 10, 2020 · Last modified August 16, 2022
Garud An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. I made this tool to automate my recon and save my time. It...
Extended XSS Searcher and Finder This is the extended version based on the initial idea already published as “xssfinder”. This private version allows an attacker to perform not only GET but also POST requests....
Web Exploitation / Web Vulnerability Analysis
by do son · Published August 2, 2019 · Last modified May 1, 2024
WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a...
XSpear XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected(or all) params Reflected Params All...
WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However,...
What is Naxsi? NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing...
testxss PHP tool to test XSS. Note that this is an automated tool, a manual check is still required. Download git clone https://github.com/gwen001/testxss.git Use Usage: php testxss.php [OPTIONS] Options: -h, –help print this help –burp...
Pybelt is an open source hacker tool belt complete with: A port scanner SQL injection scanner Dork checker Hash cracker Hash type verification tool Proxy finding tool XSS scanner It is capable of cracking...
XSS Tool Overview This tool is an intelligent XSS detection tool that uses human techniques to look for reflected cross-site scripting (XSS) vulnerabilities. Rather than use the same approach as virtually every other reflected...
Support Securityonline.info site. Thanks!
