Stars
🖤 Create and share beautiful images of your source code
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Powerful web graphics runtime built on WebGL, WebGPU, WebXR and glTF
Community curated list of templates for the nuclei engine to find security vulnerabilities.
An HTTP/1.1 client, written from scratch for Node.js
A simple browser extension to bypass YouTube's age verification, disable content warnings and watch age restricted videos without having to sign in!
Cross domain local storage, with permissions
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Change monitoring app that checks the content of web pages in different periods.
🔤 A list of all the public package names on npm. Updated daily.
A collection of Server-Side Prototype Pollution gadgets and exploits
Use Snow to finally secure your web app's same origin realms!
Simple "postMessage logger" Chrome extension
A POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension.
MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts
Mine URLs from Browser's Heap Snapshot for fun and profit
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Challenges I wrote for various CTF competitions
Use this tool to inspect postMessages between different tabs and popups. You can use this to find juicy XSS!
A basic Bot consisting of basic commands that helps to manage the server.