Open Redirection Analyzer
Updated Mar 5, 2023 - Python
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
XSSB is a proactive DOM sanitizer, defending against client-side injection attacks!
BRS-XSS (MIT license) is a modular Python CLI scanner for XSS vulnerabilities. Features context-aware payloads, WAF evasion, DOM analysis via Playwright, ML-based risk scoring, and export in HTML/JSON/SARIF. Designed for integration with Brabus Recon Suite (BRS).
Find sources and sinks in js code that could lead to DOM XSS 🔎💧🚰
DOM-based XSS where location.search is written into the page via innerHTML, letting us inject HTML and trigger alert(1) using an SVG onload payload.
DOM-based XSS flaw where location.search is injected into the page via innerHTML, letting us execute arbitrary JavaScript.
DOM XSS in jQuery anchor href attribute sink using location.search source
Discovering the JavaScript parameters for dom-xss
⚡ Tactical JS analysis engine to de-obfuscate bundles and map Source-to-Sink flows for DOM-based vulnerability discovery. Specialized for modern web architectures.
Ultimate DOM Clobbering Cheat Sheet - 100+ exploitation vectors for XSS, CSP bypass, and client-side attacks. Covers browser compatibility, framework evasion, and real-world exploit chains for security researchers and bug bounty hunters
Advanced Cross-Site Scripting (XSS) vulnerability testing framework with WAF bypass, DOM XSS detection, and comprehensive reporting capabilities.
Firefox extension that detects reflected strings or regex patterns in the live DOM of web pages
BRS-KB is an XSS Knowledge Base API
This is a script to exploit DOM XSS in jQuery anchor href attribute sink using location.search source in the PortSwigger Web Security Lab.