xssmap: Intelligent XSS detection tool
XSS Tool Overview This tool is an intelligent XSS detection tool that uses human techniques to look for reflected cross-site scripting (XSS) vulnerabilities. Rather than use the same approach as...
Tagged: XSS
Report: WordPress Plugin and Theme Vulnerabilities in 2017
According to securityaffairs, January 23 news, security researchers recently released WordPress plugin and theme of vulnerability statistics in 2017, these data from the latest WordPress Vulnerability Database ThreatPress. It is reported that...
Fiddler XSS Inspector: detect cross-site scripting vulnerabilities using fiddler
Fiddler XSS Inspector Easily detect cross-site scripting vulnerabilities using Fiddler. The Fiddler tool helps you debug web applications by capturing network traffic between the Internet and test computers. The tool...
Security Researcher found autofill vulnerability in browsers
According to foreign media reports on December 27, Princeton Center for Information Technology Policy (CITP) has discovered the latest use of browser “auto-fill” vulnerability to steal user information. Currently, there is...
OWSAP Damn Vulnerable Web Sockets: vulnerable web application
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find...
Everythings do to bypass XSS filter
On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when...
xsssniper: An automatic XSS discovery tool
xsssniper is a handy xss discovery tool with mass scanning functionalities. What it does is scanning target URL for GET parameters and then inject an XSS payload (Y) into them...
reflector: Burp plugin able to find reflected XSS on page in real-time while browsing on site
reflector Description Burp Suite extension is able to find reflected XSS on the page in real-time while browsing on the website and include some features as: Highlighting of reflection in...
WebXploiter – An OWASP Top 10 Security scanner
WebXploiter The main purpose of this tool is to help to automate the manual Recon techniques + basic exploitation techniques which we used to try each time when we are...
taint: PHP extension, used for detecting XSS codes
Taint php extension used to detect XSS codes(tainted string), And also can be used to spot sql injection vulnerabilities, shell inject, etc. The idea is from https://wiki.php.net/rfc/taint, I implemented it in...
WebVulScan: Web Application Vulnerability Scanner
WebVulScan Synopsis WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for...
XssPy – Web Application XSS Scanner
XssPy is a python tool for finding Cross-Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the...
Cross-Site Scripting (XSS) Payloads
Collection of Cross-Site Scripting (XSS) Payloads
xss_payloads: Exploitation for XSS
xss_payloads Payloads for practical exploitation of cross site scripting. Usage Find XSS vuln in your app Get PoC exploit: alert(1) etc Host these payloads somewhere Use vuln to pull one...
WSSAT v2.0: WEB SERVICE SECURITY ASSESSMENT TOOL
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts...
