SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

A tool to check a bunch of URLs that contain reflecting params.

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Go Web Application Penetration Test

An XSS reverse shell framework

Browser-based XSS finder

libinjection is a Golang port of the libinjection(https://github.com/client9/libinjection)

go-xss is a module used to filter input from users to prevent XSS attacks

Go-sec-code is a project for learning Go vulnerability code.

xsschecker tests endpoints for reflected XSS by injecting payloads and checking responses. It prints vulnerable if the payload is reflected, otherwise not vulnerable.

Open Source XSS exploitation tool. using http proxy to access the browser which executed js. [Engineering Experimental]

(DOM-)XSS fuzzer based on phantomjs and go.

Blind XSS service alerting over slack or email