xss
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Source code for Hacker101.com - a free online web and mobile security class.
Most advanced XSS scanner.
A list of resources for those interested in getting started in bug bounties
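A full-featured security assessment tool developed in-house by Chaitin, supporting scans for common web security issues and custom PoCs | Be sure to read the documentation before use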
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
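lamp-cloud supports JDK 21, JDK 17, JDK 11 and JDK 8. It is a rapid development platform for microservice admin back ends, built on SpringCloud + SpringBoot and focused on multi-tenant (SaaS architecture) solutions; it can also serve as a base development framework for ordinary (non-SaaS) projects. It currently implements tenant isolation schemes including pluggable database isolation, SCHEMA isolation and field isolation.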
Awesome XSS stuff
Top disclosed reports from HackerOne
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Web Application Security Scanner Framework
Git All the Payloads! A collection of web attack payloads.
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
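🐈 Medusa is a red-team arsenal platform that currently includes an XSS platform, a collaboration platform, CVE monitoring, AV-evasion generation, DNSLOG, phishing email, file retrieval and other features; under continuous development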
XSS'OR - Hack with JavaScript.
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Collection of quality safety articles. Awesome articles.
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.