Python3 Script To Scan PHP Files For XSS Vulnerabilities
htmLawed is a PHP script to process text with HTML markup to make it more compliant with HTML standards and administrative policies. It works by making HTML well-formed with balanced and properly nested tags, neutralizing code that may be used for cross-site scripting (XSS) attacks, allowing only specified HTML tags and attributes and URL protocols through black- or white-lists. It can also tidy/pretty-print HTML, make relative URLs absolute, check for spam, etc. It is small (single file of ~50
bWAPP is an "extremely buggy web app" intended for researching and discovering common security issues. It deliberately covers over 100 vulnerabilities, ranging from SQL injection to XSS, CGI exploits, SSL tampering, remote code execution, RFI, SSRF, CORS and buffer overflows, and replicates many high-profile exploits of other applications (Drupal, WordPress). It's implemented in PHP, but of course only meant to be run in a sandbox or with its bee-box VM exposing further server process vulnerabili