🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

An XSS exploitation command-line interface and payload generator.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

PwnXSS: Vulnerability (XSS) scanner exploit

XssPayload List . Usage:

swiss army knife for hackers

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

Another web vulnerabilities scanner, this extension works on Chrome and Opera

JAVA 漏洞靶场 (Vulnerability Environment For Java)

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

Automating XSS using Bash

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability

Cross-site scripting labs for web application security enthusiasts

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

Collect XSS vulnerable parameters from entire domain.

Automation tool to testing and confirm the xss vulnerability.