Search Results for "cross site scripting"

...It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. Insecure Direct Object References (IDOR): Scans for vulnerabilities that might enable attackers to access unauthorized data by manipulating direct object references. ...

...Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance.

Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. XSSer v1.8-3.tar.gz -> md5: 3058a17a1599b0ece5c722fd2e7ff455 XSSer v1.8-3.zip -> md5:840d94fe8d297ec3bbea70fb3bd57f0e

...In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities.

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more. This project has been migrated to github! See details in our project site: http://w3af.org/

...Values 'data' and 'entropy' may consist of arbitrary objects which are transparently pickled(serialized), optionally gzipped and of course securely signed. Specific implementations are included: FormTicket: provides core implementation of state-less Cross Site Request Forgery protection. Other use cases include ticketing object param values pointing at URL:s or services in HTML-objects such as Flash or Java Applets. This adds server-side choises to be made while preventing users from using arbitrary values. Severe testing is done and will be mandatory for core and every specific implementation. ...

Springenwerk is a free Cross Site Scripting (XSS) security scanner written in Python.