Web-Security-Learning

🔪Browser logic vulnerabilities ☠️

基于Burp插件开发打造渗透测试自动化

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

In progress rough solutions to bWAPP / bee-box

MalQR is a collection of malicious QR Codes and Barcodes you can use to test the security of your scanners.

DOM XSS Game

XSS cookie stealer using JavaScript and PHP

Minimalist cheat sheet for developpers to write secure code

网络安全训练营全部资料，包括 Web 安全、网络安全、信息安全、系统防护、攻防渗透、云安全

Simple API for storing all incoming XSS requests and various XSS templates.

Generate DOM clobbering attack vectors for you.

Pretty vulnerable flask app..

An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.

A dynamic cross-site scripting (XSS) payload delivery system with team server abilities.

"Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection

An unsecure by-design PWA that students can analyse with a suite of tools and support to build their understanding of web-based secure software architecture.