OneListForAll
AwesomeXSS
| OneListForAll | AwesomeXSS | |
|---|---|---|
| 1 | 2 | |
| 2,346 | 4,645 | |
| - | - | |
| 5.6 | 2.7 | |
| about 1 month ago | 9 days ago | |
| Shell | JavaScript | |
| - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OneListForAll
AwesomeXSS
-
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
AwesomeXSS https://github.com/s0md3v/AwesomeXSS
-
Filter bypass
You don't need to use alert. You can try using confirm(). If the website is blocking javascript, you can try to capitalize some letters, something like jAvAscRiPt:confirm(1). You can check this repo, it's a gold mine of xss content.
What are some alternatives?
Open-Redirect-Payloads - Open Redirect Payloads
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Bug-Bounty-Wordlists - A repository that includes all the important wordlists used while bug hunting.
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
dictionaries - Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks
WordList