Web-Security-Learning

🔪Browser logic vulnerabilities ☠️

基于Burp插件开发打造渗透测试自动化

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

In progress rough solutions to bWAPP / bee-box

MalQR is a collection of malicious QR Codes and Barcodes you can use to test the security of your scanners.

DOM XSS Game

XSS cookie stealer using JavaScript and PHP

网络安全训练营全部资料，包括 Web 安全、网络安全、信息安全、系统防护、攻防渗透、云安全

Minimalist cheat sheet for developpers to write secure code

Simple API for storing all incoming XSS requests and various XSS templates.

Generate DOM clobbering attack vectors for you.

An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.

A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.

Pretty vulnerable flask app..

A dynamic cross-site scripting (XSS) payload delivery system with team server abilities.

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection

"Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS