#xss

WebCopilot

Automation tool designed to enumerate subdomains and detect bugs using different open-source tools.

JS-Tap

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant.

Gsec

Web security scanner.

Xenotix

An advanced Cross Site Scripting vulnerability detection and exploitation framework.

DOMPurify

A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

Astra

Automated Security Testing For REST APIs.

Csper

The most advanced set of Content Security Policy tools.

bxss.net

Web service that allows for detection of Blind XSS vulnerabilities within web applications.

XnlReveal

A Chrome browser extension to show alerts for several hidden elements.

Tool WPXStrike

Escalate a Cross-Site Scripting vulnerability to Remote Code Execution in WordPress.

Rapidscan

The multi tool web vulnerability scanner.

toxssin

Open-source penetration testing tool that automates the process of exploiting XSS.

s3cXSSer

This extension will help you to detect GET/POST based XSS vulnerability in any website easily.

XSS Hunter

The fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities.

TerminatorZ

Scan for top potential vulnerabilities with known CVEs in your web applications.

ratproxy

A semi-automated largely passive web application security audit tool.

RedTeam_toolkit

Open-source Django offensive web app that collects the best tools used in red teaming.

DVWA

Damn Vulnerable Web Application.

XSSRocket

Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.

Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

xssor2

Hack with JavaScript.

Injectify

Perform advanced MiTM attacks on websites with ease.

Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Hackingtool

ALL IN ONE Hacking Tool For Hackers.

PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

postMessage-tracker

A Chrome Extension to track postMessage usage (url, domain and stack).

PostMessage_Fuzz_Tool

A PostMessage fuzzing extension for Chrome.

vaya-ciego-nen

Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

DOM based XSS finder

Chrome extension that finds DOM based XSS vulnerabilities.

xss2png

PNG IDAT chunks XSS payload generator.

XSSwagger

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

Shadow Workers

C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.

rexsser

Burp Suite plugin that extracts keywords from response using and test for reflected XSS.

Xss-Sql-Fuzz

Burp Suite plugin for XSS and SQLi that adds our payload to all parameters with one click.

XSS'OR

Hack with JavaScript.

xsscrapy

Fast, thorough, XSS/SQLi spider.

Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

ezXSS

An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

XSS Hunter Express

The fastest way to set up XSS Hunter to test and find blind XSS vulnerabilities.

XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSpear

Powerful XSS scanning and parameter analysis tool & gem.

Tracy

Assists with finding all sinks and sources of a web app and displays the results in a nice way.

xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

JSShell

An interactive multi-user web JS shell.

bXSS

bXSS is a utility which can be used to identify Blind Cross-Site Scripting.

XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

BruteXSS

Tool written in Python simply to find XSS vulnerabilities in web applications.

DOMDig

DOM XSS scanner for Single Page Applications.

Femida

Automated blind-xss search for Burp Suite.

DOM XSS Scanner

A tool to scan source code for DOM based XSS vulnerabilities.

Extended XSS Searcher and Finder

Scans for different types of XSS on a list of URLs.

XSSMap

Detect XSS vulnerability in Web Applications.

XSSCon

Simple XSS Scanner tool.

BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

B-XSSRF

Toolkit to detect and keep track on Blind XSS, XXE & SSRF.

SSRFire

An automated SSRF finder. Just give the domain name and your server and chill!

BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

FinDOM-XSS

A fast DOM based XSS vulnerability scanner with simplicity.

kxss

Adaption of tomnomnom's kxss tool with a different output format.

Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

Knoxnl

This is a python wrapper around the amazing KNOXSS.

KNOXSS

Online XSS tool with demonstration of vulnerability.

DalFox

Powerful open source XSS scanning tool and parameter analyzer.

XSStrike

Most advanced XSS scanner.