Web-Security-Learning

An unsecure by-design PWA that students can analyse with a suite of tools and support to build their understanding of web-based secure software architecture.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

🔪Browser logic vulnerabilities ☠️

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

基于Burp插件开发打造渗透测试自动化

In progress rough solutions to bWAPP / bee-box

XSS cookie stealer using JavaScript and PHP

MalQR is a collection of malicious QR Codes and Barcodes you can use to test the security of your scanners.

网络安全训练营全部资料，包括 Web 安全、网络安全、信息安全、系统防护、攻防渗透、云安全

Minimalist cheat sheet for developpers to write secure code

Pretty vulnerable flask app..

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

Simple API for storing all incoming XSS requests and various XSS templates.

DOM XSS Game

"Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS

A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.

Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection

HTML Injection Quick Reference