Fiddler XSS Inspector Easily detect cross-site scripting vulnerabilities using Fiddler. The Fiddler tool helps you debug web applications by capturing network traffic between the Internet and test computers. The tool enables you to inspect...
According to foreign media reports on December 27, Princeton Center for Information Technology Policy (CITP) has discovered the latest use of browser “auto-fill” vulnerability to steal user information. Currently, there is a design flaw in...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 20, 2017 · Last modified May 25, 2021
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the...
On this post, i want to introduce the tips to bypass XSS filter. Cross Site Scripting (XSS) is a Web application attack in the data output to the page when there is a problem,...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 3, 2017 · Last modified October 10, 2021
xsssniper is a handy xss discovery tool with mass scanning functionalities. What it does is scanning target URL for GET parameters and then inject an XSS payload (Y) into them and parse the response...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 8, 2017 · Last modified November 5, 2017
reflector Description Burp Suite extension is able to find reflected XSS on the page in real-time while browsing on the website and include some features as: Highlighting of reflection in the response tab. Test...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published September 29, 2017
WebXploiter The main purpose of this tool is to help to automate the manual Recon techniques + basic exploitation techniques which we used to try each time when we are pentesting or while cracking...
Taint php extension used to detect XSS codes(tainted string), And also can be used to spot sql injection vulnerabilities, shell inject, etc. The idea is from https://wiki.php.net/rfc/taint, I implemented it in a php extension which...
WebVulScan Synopsis WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a...
Penetration Testing / Tools / WebApp PenTest
by do son · Published July 27, 2017 · Last modified May 5, 2018
XssPy is a python tool for finding Cross-Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 25, 2017 · Last modified August 6, 2017
Collection of Cross-Site Scripting (XSS) Payloads
Web Exploitation / WebApp PenTest
by do son · Published July 20, 2017 · Last modified August 5, 2017
xss_payloads Payloads for practical exploitation of cross site scripting. Usage Find XSS vuln in your app Get PoC exploit: alert(1) etc Host these payloads somewhere Use vuln to pull one of these payloads into...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 12, 2017 · Last modified May 8, 2018
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as...
Web Exploitation / WebApp PenTest
by do son · Published July 10, 2017 · Last modified October 10, 2021
XSS, cross-site scripting is a vulnerability that allows an attacker to insert malicious code (JavaScript) into a website script. Once a script has been found to be vulnerable the attacker can e-mail or post a link...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 29, 2017 · Last modified March 5, 2022
V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and...
Secure Your Connection
