#安全#SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
#安全#Source code for Hacker101.com - a free online web and mobile security class.
一款用于探测并利用XSS漏洞的Python脚本
A list of resources for those interested in getting started in bug bounties
一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
lamp-cloud 支持jdk21、jdk17、jdk11、jdk8,ta基于 SpringCloud + SpringBoot 开发的微服务中后台快速开发平台,专注于多租户(SaaS架构)解决方案,亦可作为普通项目(非SaaS架构)的基础开发框架使用,目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离 等租户隔离方案。
#安全#Top disclosed reports from HackerOne
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
#网络爬虫#Web Application Security Scanner Framework
Git All the Payloads! A collection of web attack payloads.
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
🐈Medusa是一个红队武器库平台,目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能,持续开发中
XSS'OR - Hack with JavaScript.
#夺旗赛 (CTF) 和网络安全资源#A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Collection of quality safety articles. Awesome articles.
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.