Search Results for "xss" - Page 2
Sort By:
Showing 113 open source projects for "xss"
View related business solutions-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
-
The Apple Device Management and Security PlatformAchieve harmony across your Apple device fleet with Kandji's unmatched management and security capabilities.
-
1
Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET
Detects various security vulnerability patterns. SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc. Inter-procedural taint analysis for input data. Continuous Integration (CI) support for GitHub and GitLab pipelines. Stand-alone runner or through MSBuild for custom integrations. Analyzes .NET and .NET Core projects in the background (IntelliSense) or during a build. -
2
Big List of Naughty Strings
List of strings which have a high probability of causing issues
The Big List of Naughty Strings is a community-maintained catalog of “gotcha” inputs that commonly break software, from unusual Unicode to SQL and script injection payloads. It exists so developers and QA engineers can easily test edge cases that normal test data would miss, such as zero-width characters, right-to-left marks, emojis, foreign alphabets, and long or malformed strings. By throwing these strings at forms, APIs, databases, and UIs, teams can discover encoding bugs, sanitizer... -
3
NAXSI module
NGINX compiled with NBS System NAXSI
This image is based on the nginx:mainline image (see on Dockerhub) and recompiled with the same ./configure options from vanilla NGINX sources with the addition of --add-module=naxsi. -
4
Go Safe Web
Secure-by-default HTTP servers in Go
go-safeweb is a security-focused HTTP framework for Go that bakes in secure defaults so common web vulnerabilities are harder to introduce. Instead of leaving headers and policies to ad-hoc middleware, it sets Content Security Policy, X-Frame-Options, and other protections by default, and centralizes template escaping rules. Request handling emphasizes principled APIs for parsing and validating input, reducing the risk of injection and deserialization bugs. The framework’s routing and... -
All-in-one solution to control corporate spendingWallester Business is a leading world-class solution to optimize your company’s financial processes! Issuing virtual and physical corporate expense cards with an IBAN account, expense monitoring, limit regulation, convenient accounting, subscription control — manage your finance on all-in-one platform in real time! Wallester Business benefits your business growth!
-
5
Naxsi
Open-source, high performance, low rules maintenance WAF for NGINX
Technically, it is a third-party Nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI. Being very simple, those patterns may match legitimate queries, it is Naxsi's administrator duty to add specific rules that will whitelist legitimate behaviors. The administrator can... -
6
XSpear
Powerfull XSS Scanning and Parameter analysis tool&gem
XSpear is an XSS Scanner on ruby gems. Powerful XSS Scanning and Parameter analysis tool&gem. -
7
End-To-End
End-To-End is a crypto library to encrypt, decrypt, digital sign
...It packaged a JavaScript crypto library, UI elements, and a browser extension workflow that could integrate with webmail-style UIs without server changes. The codebase emphasized careful key handling, usability experiments around key discovery and verification, and mitigations against common web threats like XSS. While the project ultimately transitioned into successor efforts, it helped push discussions about practical E2EE in mainstream web apps and the ergonomics of PGP-style workflows. Security researchers and product teams used it as a design reference for client-side cryptography and the trade-offs of operating inside a hostile web page. -
8
Parsedown
Better markdown parser in PHP
...Safe mode does not necessarily yield safe results when using extensions to Parsedown. Extensions should be evaluated on their own to determine their specific safety against XSS. -
9
Web Security Audit
Passively audits the security posture on current page for your browser
...Add-on wants to report security misconfigurations, or failure to use best security practices. - Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including: - strict-transport-security - x-xss-protection - content-security-policy - x-frame-options - x-content-type-options It is available for Opera Beta and Developer browser - https://bit.ly/2TvvFw4 -
Budgyt Is The Highest Rated Business Budgeting Software In The Market.Budgyt is an easy to use, intuitive platform with a clean simple interface that makes budgeting multiple P&L’s easy to do without needing Excel.
-
10
WebSploit Framework
WebSploit is a high level MITM Framework
WebSploit Advanced MITM Framework [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin Scanner [+]CloudFlare resolver [+]LFI Bypasser [+]Apache Users Scanner [+]Dir Bruter [+]admin finder [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack [+]MFOD Attack Vector [+]ARP Dos Attack [+]Web Killer Attack [+]Fake Update Attack [+]Fake Access point Attack [+]Wifi Honeypot [+]Wifi Jammer [+]Wifi Dos [+]Wifi Mass De-Authentication Attack [+]Bluetooth POD Attack Project In Github : https://github.com/websploit -
11
OWASP ModSecurity CRS
OWASP ModSecurity Core Rule Set (CRS) Project
The OWASP ModSecurity Core Rule Set (CRS) is a curated, generic Web Application Firewall rule set that detects and blocks common attack categories across most web apps. It focuses on broad protection—SQL injection, cross-site scripting, local/remote file inclusion, command injection, and protocol violations—without requiring app-specific knowledge. Rules are organized into paranoia levels so operators can tune detection aggressiveness and balance false positives against coverage. An... -
12
NodeGoat
The OWASP NodeGoat project
A deliberately vulnerable Node.js application designed for security training, helping developers understand common web vulnerabilities and how to mitigate them. -
13
SlimMVC.js
Your Slim MVC JavaScript
A simple JavaScript framework to implement MVC pattern and safe against XSS attacks using nodeValue property rather innerHTML. -
14
Cerberus Content Management System
Cerberus Content Management System
Cerberus Content Management System is a Monolithic and Modular Content Management System that is written in 100% Pure PHP code with 100% Pure HTML output, and it supports multiple Database Management Systems. Cerberus Content Management System source code is completely handwritten by the author(s). The CerberusCMS project is focused on data security and ease of use, therefore we have decided to make very little use of JavaScript in the PurePHP Releases. The still-secure, and... -
15
httest is a script based tool for testing and benchmarking web applications, web servers, proxy servers and web browsers. httest can emulate clients and servers in the same test script, very useful for testing proxys.
-
16
Python Taint
Static Analysis Tool for Detecting Security Vulnerabilities in Python
Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis) Detect command injection, SSRF, SQL injection, XSS, directory traveral etc. A lot of customization is possible. For functions from builtins or libraries, e.g. url_for or os.path.join, use the -m option to specify whether or not they return tainted values given tainted inputs, by default this file is used. -
17
Firing Range
Firing Range is a test bed for web application security scanners
...Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed content problems. Each scenario is crafted to reflect how bugs appear in production—behind frameworks, in odd encodings, or across redirects—so scanners must demonstrate accurate crawling and context understanding. ... -
18
APIthet
An Application to security test RESTful web APIs.
APIthet is an application to security test RESTful web APIs. Assessing APIs help in detecting security vulnerabilities at an early stage of the SDLC. Compare this with assessing an Android application that uses APIs on a backend server. This kind of assessment happens at a much later phase of the SDLC. Even worse, it does not necessarily touch all the APIs. That's not all. You specify one of the JSON parameters as random. This helps set a unique value for a specific JSON parameter in... -
19
Laravel Larabbs
A forum project base on Laravel
Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experience to be truly fulfilling. Laravel takes the pain out of development by easing common tasks used in many web projects. Laravel has the most extensive and thorough documentation and video tutorial library of all modern web application frameworks, making it a breeze to get started with the framework. -
20
Web Security Basics
Web security concepts
...The repository focuses on real-world security mechanisms and vulnerabilities, explaining protocols like SSL/TLS for encrypted communications, the principles behind CORS (Cross-Origin Resource Sharing), and widely exploited attack categories such as cross-site scripting (XSS) and cross-site request forgery (CSRF). It also covers token-based authentication patterns like access and refresh tokens, helping developers see how modern web applications attempt to balance security with usability. Rather than providing executable code or automated tools, the project emphasizes conceptual understanding and the reasoning behind why certain defenses matter in web architecture. -
21
RIPS - PHP Security Analysis
Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/ -
22
Track -1-Generator-2017
Generate track 1 from track 2
...Tags: CVV , Python , fullz , SSN , prv8 , MMN , DOB , Track1 , C++ , Track2 , carding , POS , fraud , zeus , citadel , banking , Perl , spyeye , dumps , Alina , cardable , paypal , PHP , Vskimmer , java exploit , Dexeter , blackpos , carding forum , ASM , skimmer , fake antivirus , android , ICQ , symlink , flash exploit , root , deface , hack , backtrack , apache , TDS , litespeed , linux , windows , asp , aspx , C# , python , localroot , OTR , shell , SSH , security , hacking , SQLi , XSS , CSRF , 0day , exploit , VBV , trojan , HTTP , virus , worm , DDOS , Scan , eth0 , RDP , PR , botnet , carding , centos , plesk , FUD , redhat , carding, cc checker, dump checker, cc shop, dump shop, free cvv, free dumps -
23
Electrode Stateless CSRF
Stateless Cross-Site Request Forgery (CSRF) protection with JWT
...For use with XMLHttpRequest and fetch, we extend the technique by using two JWT tokens for validation. One token in the cookies and the other in the HTTP headers. Since XSS cannot set HTTP headers also, it strengthens the security further. -
24
A webapp hacking game, where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc
-
25
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with...