Search Results for "xss" - Page 3
Sort By:
Showing 149 open source projects for "xss"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Junie, the AI coding agent by JetBrainsJunie is an AI-powered coding agent developed by JetBrains designed to enhance developer productivity by integrating directly into popular IDEs such as IntelliJ IDEA, PyCharm, and Android Studio. It supports developers by assisting with code completion, testing, and inspections, ensuring code quality and reducing debugging time.
-
1
NinjaFirewall
Powerfull Web Application Firewall for PHP
...Some of its features are: * Powerful filtering engine. * Stand alone Web Application Firewall. * Protects against remote & local file inclusions, code execution, uploads, SQL injections, bots and scanners, XSS and many other threats. * Hooks and sanitises all HTTP requests before they reach your website, as well as the response body. * Real-time detection (File Guard). * Response body filter (Web Filter). * Powerful access control and firewall policies. * Easy to setup; your PHP scripts do not require modifications. * Works with any PHP applications, even those encoded with ionCube and ZendGuard... -
2
Web Security Basics
Web security concepts
...The repository focuses on real-world security mechanisms and vulnerabilities, explaining protocols like SSL/TLS for encrypted communications, the principles behind CORS (Cross-Origin Resource Sharing), and widely exploited attack categories such as cross-site scripting (XSS) and cross-site request forgery (CSRF). It also covers token-based authentication patterns like access and refresh tokens, helping developers see how modern web applications attempt to balance security with usability. Rather than providing executable code or automated tools, the project emphasizes conceptual understanding and the reasoning behind why certain defenses matter in web architecture. -
3
RIPS - PHP Security Analysis
Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/ -
4
Track -1-Generator-2017
Generate track 1 from track 2
...Tags: CVV , Python , fullz , SSN , prv8 , MMN , DOB , Track1 , C++ , Track2 , carding , POS , fraud , zeus , citadel , banking , Perl , spyeye , dumps , Alina , cardable , paypal , PHP , Vskimmer , java exploit , Dexeter , blackpos , carding forum , ASM , skimmer , fake antivirus , android , ICQ , symlink , flash exploit , root , deface , hack , backtrack , apache , TDS , litespeed , linux , windows , asp , aspx , C# , python , localroot , OTR , shell , SSH , security , hacking , SQLi , XSS , CSRF , 0day , exploit , VBV , trojan , HTTP , virus , worm , DDOS , Scan , eth0 , RDP , PR , botnet , carding , centos , plesk , FUD , redhat , carding, cc checker, dump checker, cc shop, dump shop, free cvv, free dumps -
Cloud-based observability solution that helps businesses track and manage workload and performance on a unified dashboard.Monitor everything you run in your cloud without compromising on cost, granularity, or scale. groundcover is a full stack cloud-native APM platform designed to make observability effortless so that you can focus on building world-class products. By leveraging our proprietary sensor, groundcover unlocks unprecedented granularity on all your applications, eliminating the need for costly code changes and development cycles to ensure monitoring continuity.
-
5
payloadmask
Payload list editor to use techniques to bypass WAF
...A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. -
6
Electrode Stateless CSRF
Stateless Cross-Site Request Forgery (CSRF) protection with JWT
...For use with XMLHttpRequest and fetch, we extend the technique by using two JWT tokens for validation. One token in the cookies and the other in the HTTP headers. Since XSS cannot set HTTP headers also, it strengthens the security further. -
7
MVProc
MVC web platform for Apache and MySQL Stored Procedures
MVProc is a Model-View-Controller module for Apache2 that facilitates using MySQL stored procedures as the controller element. NOTE: Version 2.1 is STABLE and currently in production use. NOTE: Versions 1.4+ are for Apache2.4 - in order to run on Apache2.2, replace request_rec->useragent_ip references with request_rec->connection->remote_ip (there are 3 in the source code) -
8
...Options:(1) Chat (2) Unix (3) Microsoft (4) Mac OS X (5) Network (6) DHCP (7) Firewalls (8) Routers (9) Proxy (10) Switches (11) HTTP (12) HTTPS (13) DNS (14) SW (15) Nessus (16) Tacacs+ (17) Vmware (18) Backdoors (19) Citrix (20) Mail (21) P2P (22) SQL (23) Web (24) XSS (25) Exploits (26) Xprobe (27) Nmap (28) Telnet (29) SSH (30) FTP (31) Vnc (32) Radius (33) Tor (34) Malware (35) DoS (36) Botnet (37) Openssl (38) Run cap (39) Malware News (40) Updates 2013-2014 pcaps (41) Updates 2015 pcaps.
-
9
A webapp hacking game, where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc
-
We help you deliver Virtual and Hybrid Events using our Award Winning end-to-end Event Management PlatformEventsAIR have been anticipating and responding to the ever-changing event industry needs for over 30 years, providing innovative solutions that empower event organizers to create successful events around the globe.
-
10
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with...
-
11
MVProc FastCGI
MVProc implemented as a FastCGI
...Supports application/x-www-form-urlencoded and multipart/form-data! Highly configurable! Very fast templating! Designed to be secure, with SQL injection protection, XSS attack protection, and more! Responsive project admin! -
12
ngx_lua_waf
ngx_lua_waf
ngx_lua_waf is a web application firewall (WAF) module written in Lua for use with OpenResty (Nginx + Lua). It provides protection against common web attacks such as SQL injection, XSS, file uploads, and malicious bots. The WAF is rule-based, easily configurable, and lightweight, offering real-time defense with minimal performance overhead. -
13
miniPHP
A small, simple PHP MVC framework skeleton that encapsulates a lot of
miniPHP A small, simple PHP MVC framework skeleton that encapsulates a lot of features surrounded with powerful security layers. miniPHP is a very simple application, useful for small projects, helps to understand the PHP MVC skeleton, know how to authenticate and authorize, encrypt data and apply security concepts, sanitization and validation, make Ajax calls and more. It's not a full framework, nor a very basic one but it's not complicated. You can easily install, understand, and... -
14
XSS-Scanner
Powerful XSS Scanner based on Selenium Web Driver
...This app is absolutely free XSS Scanner, based on Selenium Web Driver. It scans directly in your browser. All you need is FireFox with FireFoxDriver (usually it is built-in). Here you can find a self-sufficient source, feel free to use and extend it if needed: https://github.com/pashna/XSS-scanner To check vulnerabilities, XSS-scanner uses a list of known XSS-injection provided by owasp: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet Let's test and keep safe! -
15
Web Application Protection
Tool to detect and correct vulnerabilities in PHP web applications
WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives. WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. ... -
16
-
17
This is a Portable version of Mozilla Firefox with several add-ons that are useful for Web Application Security. The purpose of this package is to have the best available addons to manually test XSS, SQL, siXSS, CSRF, Trace XSS, RFI, LFI, etc.
-
18
Flashbang
Project "Flashbang" - An open-source Flash-security helper
Flashbang is an open-source Flash-security helper tool designed to extract and display flashVars from a SWF that is “naked” (i.e. not wrapped in a bigger application) so that security testers can begin analysis (e.g. for XSS or other vectors) without decompiling the whole SWF. It is built atop Mozilla’s Shumway project. It works in modern browsers via HTML/JS, can also be run locally, and does not upload SWFs to servers (processing stays local). It is still considered alpha quality. Clone the repo using the --recursive flag, so that all necessary submodules are cloned as well. ... -
19
xssya v-2.0
XSS Vulnerability Confrontation
Introduction XSSYA -> doing many steps in one time but the main function of XSSYA is XSS Vulnerability Confirmation without using the browser and even without using other tools for example URL Shorten, identifying Web application firewall and other function will be discussed in next pages. -
20
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific...">
-
21
PHP XSS Auditor
Protect your website
PHP XSS Auditor and PHP CSRF patching a lot of vulnerabilities. -
22
One Page Scroll
Create an Apple-like one page scroller website
...Create an Apple-like one page scroll website (iPhone 5S website) with One Page Scroll plugin Created by Pete R., Founder of BucketListly. jQuery 1.9.0 or later is strongly recommended because using jQuery less than 1.8.3 and jquery.onepage-scroll.js together turns out to be a hash-based XSS vulnerabiliry. Modern browsers such as Chrome, Firefox, and Safari on both desktop and smartphones have been tested. Should work fine on IE8 and IE9 as well. One Page Scroll let you transform your website into a one page scroll website that allows users to scroll one page at a time. It is perfect for creating a website in which you want to present something to the viewers. ... -
23
SimplePress
Simple Blog Script
UPDATE: Please do not download until new update or final version 1.1 is out (actual version = 1.0.6.beta)! We found XSS and SQL Injection vulnerabilities and are going to fix them as soon as possible. SimplePress ist ein objektorientiertes Content Management System zum einfachen Erstellen und Verwalten eines Onlineblogs. Das System eignet sich hervorragend zum forken eigener Scripte. -
24
sitecheck
Modular web site spider for web developers.
More than just a link checker, sitecheck is a website spider (also known as a crawler) which can assist with SEO by testing an entire site plus both inbound links from search engines and outbound links to other sites for the following issues: looping redirects (HTTP 301/302), broken links (HTTP 404), server errors (HTTP 500), spelling mistakes, low readability scores (using the Flesch Reading Ease test), missing/empty/duplicate meta tags, duplicate content, slow page speed, W3C validation errors and accessibility errors. Sitecheck can also spot some common causes of PCI compliance failure such as insecure content on secure pages, SQL injection/cross-site scripting (XSS) vulnerabilities, insecure encryption ciphers and open mail relays. Sources of information leakage such as email addresses and IP addresses in the headers or the page will be logged. Includes a separate module called domaincheck which checks the domain expiry date, SSL certificate expiry date and SPF records. -
25
IPTC-Attacker
Testing for XSS via IPTC metadata
As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag. Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection.