WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...
Cross-site scripting (XSS) is a type of computer security vulnerability that is normally present in web applications. XSS allows attackers to implement client scripts on web pages viewed by other users. Vulnerability XSS can...
Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published November 10, 2020 · Last modified August 16, 2022
Garud An automation tool that scans sub-domains, sub-domain takeover, and then filters out xss, ssti, ssrf, and more injection point parameters. I made this tool to automate my recon and save my time. It...
XSS Vulnerability Scenarios (challenges) This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind the challenges are: Javascript validation bypass html entities bypass WAF bypass Black-list validation bypass Basic...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 29, 2017 · Last modified March 5, 2022
V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and...
xsstools xsstools is an xss development framework, with the goal of making payload writing easier. Exfiltrators A collection of exfiltrators is available message: use postMessage get: use fetch GET post: use fetch POST urlencoded...
Totally Insecure Web Application Project (TIWAP) TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web vulnerabilities. Inspired by DVWA, the contributors have tried their...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 3, 2017 · Last modified October 10, 2021
xsssniper is a handy xss discovery tool with mass scanning functionalities. What it does is scanning target URL for GET parameters and then inject an XSS payload (Y) into them and parse the response...
What is Naxsi? NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing...
