xssmap
Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities (by secdec)
oxo
OXO is a security scanning orchestrator for the modern age. (by Ostorlab)
| xssmap | oxo | |
|---|---|---|
| 1 | 3 | |
| 150 | 552 | |
| 1.3% | 0.5% | |
| 10.0 | 9.5 | |
| over 2 years ago | 5 days ago | |
| Python | Python | |
| Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xssmap
Posts with mentions or reviews of xssmap.
We have used some of these posts to build our list of alternatives
and similar projects.
-
Docker explained for pentesters
Let's take a look at an example. We assume that we want to create an environment to automate several tools, including xira. The contents of the directory holding our scripts:
oxo
Posts with mentions or reviews of oxo.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-01-15.
-
Open-Source Detector of CISA's Known Exploitable Vulnerabilities
That repo also has no license information that I can tell, although the pip install is Apache 2 <https://github.com/Ostorlab/ostorlab#readme>
- Open-Source Distributed Security Scanning Platform
-
Is this tool worth it ?
A few days ago, they announced they went open-source, I gave it a try and it looks cool. I run a network scan with multiple tools at the same time(nmap,tsunami,nuclei) and got back a full report with just a few commands.
What are some alternatives?
When comparing xssmap and oxo you can also consider the following projects:
dheater - D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
tartufo - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
masscan_as_a_service - masscan as a service
kcare-uchecker - A simple tool to detect outdated shared libraries
rapidscan - :new: The Multi-Tool Web Vulnerability Scanner.