🔍 Inspect and interact with targets securely in an iframe, enabling effective penetration testing and interface auditing.

🔒 Generate HTML Proof of Concept files for clickjacking vulnerabilities to aid security researchers and testers in demonstrating potential attacks.

The Ultimate Unified Hosts file for protecting your network, computer, smartphones and Wi-Fi devices against millions of bad web sites. Protect your children and family from gaining access to bad web sites and protect your devices and pc from being infected with Malware or Ransomware.

iFrame Inspector for authorized security testing and controlled target interaction, enabling iframe analysis, logging, interface manipulation, and detection tuning within ethical red-team assessments and research.

FortifyJS is a library focused on delivering security headers for web applications within the JavaScript ecosystem

An automated tool to generate HTML Proof of Concept files for clickjacking vulnerabilities. This tool helps security researchers and penetration testers create professional PoCs to demonstrate clickjacking attacks.

ReconX — Lightweight Python CLI for OSINT & network reconnaissance (subdomains, nmap, whois, clickjacking PoC, headers, geolocation)

Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickjacking attacks with customizable elements and real-time preview functionality.

Mike North's Web Security Course

Web-Exploit-Toolkit AKA WET: A Python-based tool for automated testing of common web vulnerabilities like XSS, CSRF, SQL Injection, HTML Injection, Open Redirect, and Directory Traversal. Supports GET/POST injection, custom payloads, cookie/session authentication, and OS-aware payload optimization. Designed for authorized security testing only.

TapTrap is a new attack on Android that lures you into performing actions you did not intend to do. This allows an app to silently access your camera or location, or even erase your entire device — all without your consent.

Interactive cybersecurity training platform demonstrating real-world clickjacking attacks including social media hijacking, credential theft, and permission exploitation. Built with Next.js, featuring live browser API integration and comprehensive security education.

The is a online Clickjacking Proof of Concept (PoC) tool that allows you to test websites for clickjacking vulnerability.

A web crawler and vulnerability scanner tool developed by Rohit Ajariwal

A simple Python Flask app to test whether a website is vulnerable to clickjacking by attempting to load it in an <iframe> and checking for security headers like X-Frame-Options and Content-Security-Policy.

T4Dragon is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

Clickjacking Scanner and POC creator for one or more sites, with frame-busting detection and additional checks, generating HTML POCs for vulnerable targets.It can also capture automatic screenshots of the generated POC, highlighting the URL bar with a red box and partially censoring it.

A Chrome extension to limit clickjacking by setting the opacity of all iframes to 1 by default.

Exploit Code, notes, and resources to accompany PortSwiggers' WebAcademy Labs.

Source code for Hacker101.com - a free online web and mobile security class.