We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
xss-filters - Secure XSS Filters
In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).Figure 1. "Just sufficient" encoding based on the HTML5 spec.
xss output-filter sanitize sanitise escape encode filter context-aware context-sensitive security yahooexpress-validator - An express.js middleware for node-validator.
An express.js middleware for validator. Also please note that, starting with v5.0.0, no new features will be accepted into the legacy API. Only bug fixes will be made.
express validator validation validate sanitize sanitization xsshacker101 - Hacker101
Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.
education hacking security hackerone hacker101 xss clickjacking csrf web-security session-fixation unchecked-redirects sql-injectionarachni - Web Application Security Scanner Framework
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.
arachni dom audit detection security-audit analysis modular scanners web-application vulnerability-detection crawler scanner hack hacking penetration-testing xss sql-injectionjs-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
sanitization xss sanitize sanitisation input security escape encode filter validator html injection whitelistXSStrike - XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator
XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts. Note: XSStrike isn't compatible with Python2 anymore, please use python3 xsstrike to run it. Changelog contains the changes made to XSStrike after the XSStrike v2.0 pre-beta release.
xss xss-scanner xss-exploit xss-bruteforce xss-python xss-detection xss-payloadsDOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.
xss sanitizer dom security dompurify prevent-xss-attacks mathml html svg cross-site-scripting secure sanitize filter purifypayloads - Git All the Payloads! A collection of web attack payloads.
run ./get.sh to download external payloads and unzip any payload files that are compressed. Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.
payload payloads xss sqli web-attack-payloads passwordsxssor2 - XSS'OR - Hack with JavaScript.
XSS'OR - Hack with JavaScript. It contains three major modules: Encode/Decode, Codz, Probe.
probe pentest-tool xss csrf encoding hacking-tool pentest hackimagejs - Small tool to package javascript into a valid image file.
Small tool to package javascript into a valid image file. Currently supported are gif and bmp. Run imagejs option jsfile.js. The outcoming image file will be named like the input file + the image ending.. Options are currently bmp, gif, webp, pnm and pgf.
injection xssxss-filters - Secure XSS Filters.
In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)). Figure 1. "Just sufficient" encoding based on the HTML5 spec.
xss output-filter sanitize sanitise escape encode filter context-aware context-sensitive security yahooBluemonday - A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.
sanitization html security xss owasp whitelist parser html-sanitizerinjectify - Perform advanced MiTM attacks on websites with ease π
Injectify is a modern web based MiTM tool, similiar to BeEF (although completely unrelated in terms of source code). It features cross-platform clients (Web, Desktop, Browser extension).
mitm xss console-replication typescript nodejs modular reactjs redux webpack github-oauth mongodbAwesomeXSS - Awesome XSS stuff
Awesome XSS stuff. Put this repo on watch. I will be updating it regularly. Yep, confirm because alert is too mainstream.
xss payload xss-payloads payload-list xss-detection xss-cheatsheetHtmlSanitizer - Cleans HTML to avoid XSS attacks
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. Because HtmlSanitizer is based on a robust HTML parser it can also shield you from deliberate or accidental "tag poisoning" where invalid HTML in one fragment can corrupt the whole document leading to broken layout or style.
xss html sanitizerHTML Purifier - Standards compliant HTML filter written in PHP
HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
sanitization html security xss owasp whitelist parser html-sanitizerlatte - β Latte: the intuitive and fast template engine for those who want the most secure PHP sites
Latte is a template engine for PHP which eases your work and ensures the output is protected against vulnerabilities, such as XSS. Documentation can be found on the website.
nette nette-framework latte template-engine xss security content-aware safetycsp-builder - Build Content-Security-Policy headers from a JSON file (or build them programmatically)
Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.
csp csp-header json-configuration csp-builder content-security-policy http http-header easy-to-use secure-by-default security xss cross-site-scriptingBlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website
BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.
web application scanner osint fuzzer owasp vulnerability spider passive active sqli xss lfi rfi rce csrf automated scan reportxss-payload-list - π― Cross Site Scripting ( XSS ) Vulnerability Payload List
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.
xss xss-payloads xss-vulnerability xss-exploitation xss-detection xss-attacks xss-scanner xss-injection xss-poc xss-scanners website-vulnerability cross-site-scripting reflected-xss-vulnerabilities dom-based self-xss websecurity payloads xss-payload payload bugbounty
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
