# Cross-Site Scripting Vulnerability Scanners

> Search results for `scan for cross-site scripting vulnerabilities in web apps` on awesome-repositories.com. 117 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/scan-for-cross-site-scripting-vulnerabilities-in-web-apps

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/scan-for-cross-site-scripting-vulnerabilities-in-web-apps).**

## Results

- [owasp/cheatsheetseries](https://awesome-repositories.com/repository/owasp-cheatsheetseries.md) (32,298 ⭐) — The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems.

What distinguishes this project is its decentralized, collaborative editorial process. By utilizing a version-controlled, markdown-based workflow, the series ensures that security guidance remains vendor-neutral, peer-reviewed, and universally accessible. This structure allows the community to rapidly evolve and maintain technical documentation, ensuring that defensive strategies keep pace with emerging threats and shifting technology stacks.

The project provides extensive coverage of critical security areas, including robust input validation, access control enforcement, and supply chain risk management. It offers detailed implementation guides for securing cloud-native architectures, containerized environments, and various language-specific frameworks. Furthermore, the series addresses advanced topics such as artificial intelligence agent safety, prompt injection prevention, and zero-trust architectural principles.

The documentation is maintained as an open-source repository, with content transformed into a navigable web format through automated static site generation.
- [cross-rs/cross](https://awesome-repositories.com/repository/cross-rs-cross.md) (8,235 ⭐) — Cross is a container-based build environment and cross-compilation tool for Rust. It functions as a multi-architecture binary builder and testing framework, allowing users to compile crates into binaries for different operating systems and CPU architectures without installing local toolchains on the host system.

The project distinguishes itself by using Docker images to provide consistent toolchains and system dependencies for foreign target architectures. It integrates the Zig toolchain within container images to facilitate compilation across various architectures and library versions, and it supports executing test suites against non-native architectures through containerized emulation.

The system provides capabilities for image management, including the use of custom Dockerfiles and registry images. It manages the build lifecycle through pre-build script execution, environment variable mapping, and the configuration of container runtimes. Additionally, it includes observability features such as system call tracing for binaries running on foreign architectures.
- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions.

The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources.

This project is implemented primarily as a shell-based application.
- [silentsignal/damn-vulnerable-stateful-web-app](https://awesome-repositories.com/repository/silentsignal-damn-vulnerable-stateful-web-app.md) (14 ⭐) — Short and simple vulnerable PHP web application that naïve scanners found to be perfectly safe
- [s0md3v/xsstrike](https://awesome-repositories.com/repository/s0md3v-xsstrike.md) (14,752 ⭐) — XSStrike is an automated security scanning engine designed for web application discovery, input
- [projectdiscovery/nuclei](https://awesome-repositories.com/repository/projectdiscovery-nuclei.md) (29,189 ⭐) — Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets.

The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integrates advanced reconnaissance capabilities, including cloud infrastructure assessment, subdomain discovery, and technology fingerprinting, into a unified workflow that can be orchestrated via a command-line interface or programmatic API.

Beyond core scanning, the project provides a comprehensive suite of tools for external attack surface management, including asset inventorying, visual evidence capture, and automated ticketing integration. It supports collaborative security operations through team workspaces, centralized template management, and real-time alerting, ensuring that vulnerability findings can be tracked, verified, and remediated within a single environment.

The platform is distributed as a command-line utility and supports containerized execution, enabling integration into existing CI/CD pipelines and automated security workflows.
- [dermike/electron-physical-web-scan](https://awesome-repositories.com/repository/dermike-electron-physical-web-scan.md) (0 ⭐) — Scan for Physical Web (Eddystone) bluetooth beacons from your computer. Mac OSX desktop app of the physical-web-scan project made with Electron.
- [hahwul/dalfox](https://awesome-repositories.com/repository/hahwul-dalfox.md) (4,846 ⭐) — Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points.

The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion testing, while employing AST-based DOM analysis to trace data flow from sources to execution sinks.

Its broader capabilities include multi-stage parameter profiling, out-of-band callback verification for blind vulnerabilities, and the generation of SARIF-compatible result exports. The tool supports authenticated scanning through custom headers and cookies, as well as the integration of curated external payload lists.

The tool can be integrated into automation pipelines using machine-readable outputs and specific exit codes for CI signaling.
- [ultimatehackers/xsstrike](https://awesome-repositories.com/repository/ultimatehackers-xsstrike.md) (15,027 ⭐) — XSStrike is a security tool designed to detect cross-site scripting vulnerabilities through parameter fuzzing and web response analysis. It functions as a web application fuzzer and vulnerability scanner that identifies injection points and security flaws.

The project includes a specialized utility for detecting blind XSS, where payloads execute asynchronously or on separate pages. It also features a JavaScript library auditor to identify outdated libraries with known vulnerabilities and a dedicated tool for identifying and bypassing web application firewalls using various evasion techniques.

Its broader capabilities encompass multi-threaded web page crawling to map site structures and a high-volume input parameter fuzzing engine to trigger unexpected server behaviors.
- [christophetd/log4shell-vulnerable-app](https://awesome-repositories.com/repository/christophetd-log4shell-vulnerable-app.md) (1,142 ⭐) — Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
- [bearer/bearer](https://awesome-repositories.com/repository/bearer-bearer.md) (2,566 ⭐) — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing.

The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports.

The platform covers a broad range of security domains, including injection flaws, cross-site scripting, weak cryptography, and insecure network configurations. It further includes capabilities for secrets detection and the generation of structured security and privacy compliance reports.

Integration is supported via a pipeline scanner that manages process exit codes for CI/CD automation.
- [kubescape/kubescape](https://awesome-repositories.com/repository/kubescape-kubescape.md) (11,489 ⭐) — Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor.

The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Model Context Protocol server to enable natural language security querying and real-time streaming of findings.

The system covers a broad range of security domains, including compliance auditing against industry benchmarks, runtime threat detection using eBPF and system probes, and the automated generation of network policies. It further provides risk quantification for prioritization, infrastructure-as-code auditing, and automated remediation through image patching and manifest fixes.

The project is deployed using a Kubernetes operator to automate the lifecycle of its security components and provides specific support for air-gapped environments through offline scanning and manual framework provisioning.
- [cr0hn/vulnerable-node](https://awesome-repositories.com/repository/cr0hn-vulnerable-node.md) (487 ⭐) — A very vulnerable web site written in NodeJS, with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
- [posthog/posthog](https://awesome-repositories.com/repository/posthog-posthog.md) (35,060 ⭐) — PostHog is a comprehensive product analytics and feature management platform designed to capture, process, and visualize user behavior data. It provides a unified suite for tracking application events, managing feature rollouts, and monitoring system health through session recordings and error tracking. By leveraging a columnar-storage-optimized architecture, the platform enables high-performance aggregation and filtering across massive event datasets.

What distinguishes PostHog is its integrated approach to data pipelines and application control. It features a robust event ingestion system that supports custom transformation logic through sandboxed scripting, allowing for real-time data manipulation before storage. The platform also includes a sophisticated feature flagging service that supports multivariate testing and dynamic configuration across web and mobile environments, alongside automated anomaly detection and alerting engines that monitor data streams for performance shifts.

The platform covers a broad observability surface, including application performance monitoring, qualitative user feedback collection via targeted surveys, and detailed activity auditing. It provides extensive administrative controls, such as granular access management and secure proxy infrastructure, to ensure reliable data collection and compliance. Developers can interact with the platform through a documented API that supports authenticated access, rate limiting, and efficient result pagination.
- [mishakorzik/allhackingtools](https://awesome-repositories.com/repository/mishakorzik-allhackingtools.md) (5,186 ⭐) — AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools.

The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social engineering suite for simulating phishing attacks and credential recovery.

The system covers a broad range of operational capabilities, including network packet sniffing, wireless network attacks, and denial-of-service execution. It also incorporates web security testing for identifying SQL injection and cross-site scripting vulnerabilities, alongside utilities for password hash cracking and custom wordlist generation.

The environment is managed through a shell-scripted interface that handles system package dependencies and provides options for terminal appearance customization and theme application.
- [nvidia/nemo-guardrails](https://awesome-repositories.com/repository/nvidia-nemo-guardrails-2.md) (6,453 ⭐) — NeMo-Guardrails is a toolkit for adding programmable safety constraints and dialogue boundaries to large language model conversational systems. It functions as security middleware that intercepts inputs and outputs to block prompt injections, jailbreaks, and sensitive data leaks, while providing a conversational dialogue manager to define structured interaction flows through configuration files.

The framework includes a hallucination filter to screen model outputs for factual accuracy and a specialized modeling language for defining conversational flows and constraints. It provides capabilities for conversational dialogue steering to keep assistants on topic and uses safety moderation to block prohibited content.

The system covers broader capability areas including vulnerability testing and safety evaluation tooling to scan for weaknesses. It also provides observability through request tracing, retrieved context validation to filter sensitive information, and secure tool execution for agentic workflows.

The project can be deployed as a standalone HTTP server or via containerized microservices to provide protected chat completions to external clients.
- [z4nzu/hackingtool](https://awesome-repositories.com/repository/z4nzu-hackingtool.md) (77,515 ⭐) — This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors.

The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development.

The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities.
- [spaceraccoon/npm-scan](https://awesome-repositories.com/repository/spaceraccoon-npm-scan.md) (50 ⭐) — An extensible, heuristic-based vulnerability scanning tool for installed npm packages
- [fuzzdb-project/fuzzdb](https://awesome-repositories.com/repository/fuzzdb-project-fuzzdb.md) (8,819 ⭐) — fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors.

The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-site scripting, path traversal, and other common security vulnerabilities.

The library covers a broad range of capabilities, including server configuration auditing, sensitive data discovery, and security filter evasion. It provides patterns to identify predictable resources, writable directories, and source disclosure vulnerabilities, as well as payloads for injecting OS commands, XPath, and remote file includes.
- [openhands/openhands](https://awesome-repositories.com/repository/openhands-openhands.md) (77,330 ⭐) — OpenHands is an autonomous agent framework designed for software engineering workflows. It provides a modular platform for orchestrating AI agents that reason, plan, and execute tasks within isolated, containerized development environments. By integrating with standard version control and development tools, the system enables agents to autonomously navigate codebases, implement features, and resolve issues through iterative reasoning and tool execution.

The platform distinguishes itself through a model-agnostic orchestrator that connects diverse language models to a unified tool registry. It supports complex, multi-agent collaboration via hierarchical task delegation, allowing parent agents to spawn and manage independent sub-agents for parallelized workflows. Security is managed through configurable action approval policies and real-time risk evaluation, ensuring that autonomous operations remain within defined safety boundaries.

The system covers a broad capability surface including persistent conversation state management, automated code review, and web research automation. It features an event-driven architecture that serializes interactions into immutable logs, facilitating observability and time-travel debugging. Developers can extend agent functionality through custom skill definitions, plugin packages, and integration with external services via standardized protocols.

The project provides a command-line interface for managing agent sessions, remote server deployments, and containerized workspace lifecycles. It is designed for extensibility, allowing users to configure agent behavior through structured objects, markdown-based definitions, and environment-specific settings.
- [vulnerscom/nmap-vulners](https://awesome-repositories.com/repository/vulnerscom-nmap-vulners.md) (3,381 ⭐) — NSE script based on Vulners.com API
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains.

The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research.

The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements.
- [artemnovichkov/swift-for-scripting](https://awesome-repositories.com/repository/artemnovichkov-swift-for-scripting.md) (314 ⭐) — 📋 A hand-curated collection of useful and informative Swift Scripting materials.
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations against compliance standards and relies on a remote, periodically updated vulnerability database to maintain current detection logic without requiring binary updates. By employing static analysis pattern matching, it maps disparate scan results into a unified output schema for consistent reporting.

Beyond its core scanning capabilities, the project supports cloud infrastructure auditing and deep inspection of local and remote environments. It is distributed as a single cross-platform executable, and comprehensive configuration and usage details are available in the project's official user guide.
- [thekingofduck/fuzzdicts](https://awesome-repositories.com/repository/thekingofduck-fuzzdicts.md) (8,355 ⭐) — fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities.

The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL injection and cross-site scripting.

The available datasets cover several capability areas, including hidden asset discovery, subdomain enumeration, and security vulnerability scanning.
- [rust-cross/rust-musl-cross](https://awesome-repositories.com/repository/rust-cross-rust-musl-cross.md) (743 ⭐) — Docker images for compiling static Rust binaries using musl-cross
- [expo/expo](https://awesome-repositories.com/repository/expo-expo.md) (50,111 ⭐) — Expo is a universal mobile framework designed to build native iOS and Android applications from a single codebase using web-standard technologies. It provides a comprehensive development environment that includes a unified runtime for testing, cloud-based infrastructure for compiling and signing native binaries, and automated tools for managing the entire mobile release lifecycle, including app store submission.

The framework distinguishes itself through a plugin-based native configuration engine that programmatically modifies project files, allowing developers to integrate native modules without manual intervention. It also features a file-based routing system that maps directory structures directly to navigation paths, and an over-the-air update service that enables the deployment of JavaScript and asset changes directly to user devices, bypassing traditional app store review cycles.

Beyond these core capabilities, the platform offers a wide range of integrated services for managing project metadata, environment variables, and persistent data storage. It includes a robust set of UI components and utilities for handling hardware-level features such as camera access, geolocation, audio and video playback, and push notifications. Developers can also leverage managed cloud services to orchestrate custom build profiles and automate CI/CD workflows.

The project is managed via a command-line interface that facilitates project setup, native module integration, and the generation of custom development builds. Documentation and tooling are provided to support both standalone applications and the integration of Expo into existing native projects.
- [site-shot/site-shot-mcp](https://awesome-repositories.com/repository/site-shot-site-shot-mcp.md) (0 ⭐) — Give Claude, Cursor, and other AI agents the ability to see any web page — take website screenshots with Site-Shot over the Model Context Protocol.
- [six2dez/reconftw](https://awesome-repositories.com/repository/six2dez-reconftw.md) (7,226 ⭐) — reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning.

The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent execution across different cloud providers and features a checkpoint system to resume interrupted workflows from the last point of failure.

The toolkit covers a broad range of capabilities, including passive and active subdomain enumeration, open-source intelligence gathering, and network infrastructure analysis. It also incorporates automated vulnerability scanning for common web flaws and CVEs, differential asset tracking to identify new targets, and the generation of security reports using artificial intelligence.

The environment can be deployed via container orchestration and integrated into CI/CD pipelines for recurring security checks.
- [fingerprintjs/fingerprintjs](https://awesome-repositories.com/repository/fingerprintjs-fingerprintjs.md) (27,334 ⭐) — Fingerprint is a visitor identification and fraud detection platform that generates persistent, unique identifiers by analyzing browser and device attributes. By extracting technical signals from the client environment, it enables reliable user tracking across sessions without relying on traditional cookies.

The platform distinguishes itself through its focus on high-accuracy identification and security-first architecture. It employs edge-side proxying to bypass ad-blockers and privacy restrictions, ensuring consistent data collection. To maintain data integrity, it uses cryptographic payload sealing and server-side verification flows, which prevent tampering by ensuring that identification data is processed securely on the backend rather than solely on the client.

Beyond core identification, the project provides a comprehensive suite for bot detection and security. It analyzes network metadata, device reputation, and behavioral patterns to identify malicious traffic, AI agents, and automated scrapers. These capabilities are supported by granular risk assessment tools, including confidence scoring and protection rulesets that allow for automated blocking of suspicious interactions.

The platform offers extensive administrative and integration features, including multi-environment resource isolation, regional data residency controls, and programmatic API management. It supports diverse deployment environments through framework-specific SDKs, mobile integration, and automated proxy infrastructure deployment.
- [daffainfo/allaboutbugbounty](https://awesome-repositories.com/repository/daffainfo-allaboutbugbounty.md) (6,644 ⭐) — AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs.

The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access controls, two-factor authentication, CAPTCHA protections, rate limiting, and web application firewalls, as well as methods for exploiting OAuth misconfigurations, JWT vulnerabilities, and NoSQL injection.

The collection also addresses denial of service attacks, file inclusion and upload exploitation, CSRF crafting, and reconnaissance techniques using Google, GitHub, and Shodan dorks. It provides guidance on discovering scope, detecting exposed metadata, and exploiting business logic flaws such as coupon code abuse, refund manipulation, and currency arbitrage.
- [googleworkspace/apps-script-samples](https://awesome-repositories.com/repository/googleworkspace-apps-script-samples.md) (5,190 ⭐) — This repository is a comprehensive sample library providing reference implementations for automating tasks and extending functionality across Google Workspace applications. It serves as a collection of code examples and templates for building workspace automation scripts, custom add-ons, and integrated productivity tools.

The project distinguishes itself by providing specialized examples for integrating large language models into productivity tools for content generation and data analysis. It also includes reference implementations for creating conversational chat apps, interactive cards, and agentic AI workflows.

The library covers a broad range of capabilities, including the development of custom user interfaces and spreadsheet functions, the implementation of event-driven triggers and scheduling, and the integration of external APIs. It further demonstrates professional development lifecycles through examples of local development synchronization, version management, and CI/CD deployment pipelines.
- [keygraphhq/shannon](https://awesome-repositories.com/repository/keygraphhq-shannon.md) (44,672 ⭐) — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches.

The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applications to confirm vulnerabilities. It utilizes graph-based data flow analysis to trace execution paths from user inputs to sensitive sinks, ensuring that security findings are based on reachable threats rather than raw scan results. By operating in isolated or air-gapped environments, the system maintains strict data sovereignty and residency, ensuring that source code and sensitive analysis data remain within the local perimeter.

Beyond core testing, the platform provides comprehensive security observability and supply chain auditing. It correlates static code analysis with dynamic runtime exploitation to provide a unified view of risk, while automatically deduplicating findings to reduce alert noise. The system also supports the software supply chain by generating compliant manifests and inspecting container images without requiring a local container runtime.

The platform integrates directly into existing development workflows, delivering verified patches to source control and synchronizing remediation status with external project management tools. It includes robust support for compliance reporting, audit trails, and risk acceptance management to meet regulatory requirements.
- [voorivex/pentest-guide](https://awesome-repositories.com/repository/voorivex-pentest-guide.md) (2,761 ⭐) — This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation.

The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-party security tools.

The guide covers a broad spectrum of security analysis, including attack surface mapping, authentication and session auditing, and infrastructure configuration reviews. It provides detailed procedures for identifying common vulnerabilities such as injection flaws, broken access control, business logic gaps, and token-based security issues.

The project is organized as a collection of manuals and checklists, including a web security audit checklist and a dedicated API security testing manual.
- [lissy93/web-check](https://awesome-repositories.com/repository/lissy93-web-check.md) (33,721 ⭐) — Web-check is a self-hosted diagnostic platform designed to perform comprehensive technical reconnaissance and security audits on web domains. It functions as a network scanner that inspects infrastructure by querying IP addresses, DNS records, SSL certificate chains, and server headers to identify potential misconfigurations or vulnerabilities.

The platform is built to run within private infrastructure, ensuring that site investigations remain independent of external tracking or third-party data logging. By utilizing server-side request proxying, the tool bypasses client-side security restrictions to conduct direct network-level inspections. It further enhances its diagnostic capabilities by orchestrating concurrent requests to various third-party services, aggregating metadata into structured intelligence through a modular pipeline.

The application is packaged as a containerized service, allowing for consistent deployment across cloud environments or local servers. Users can configure the platform’s behavior and service rate limits through environment variables, enabling the activation of specific analysis checks based on individual requirements. The software supports multiple installation methods, including one-click cloud deployments, container-based execution, and manual builds from source code.
- [hautdefrance/web-gui-for-sqlite](https://awesome-repositories.com/repository/hautdefrance-web-gui-for-sqlite.md) (0 ⭐) — Web GUI for SQLite is a web-based SQLite browser written in JavaScript.
- [security-code-scan/security-code-scan](https://awesome-repositories.com/repository/security-code-scan-security-code-scan.md) (975 ⭐) — Vulnerability Patterns Detector for C# and VB.NET
- [flutter-team-archive/plugins](https://awesome-repositories.com/repository/flutter-team-archive-plugins.md) (17,710 ⭐) — This project is a collection of official plugin packages and a native integration library designed to provide a consistent interface for accessing hardware and software functionality across different mobile and desktop platforms. It serves as a native platform bridge, enabling cross-platform applications to invoke native code and manage operating system dependencies.

The project utilizes a federated plugin architecture, splitting plugins into common interfaces and separate platform implementations to allow for independent development and extension. It further supports native integration through a foreign function interface for synchronous and asynchronous execution between isolates and host operating systems.

The codebase covers a broad range of capabilities including state management, declarative app navigation, and local data persistence using SQL and key-value stores. It also encompasses networking primitives for authenticated HTTP and WebSocket communication, as well as comprehensive testing frameworks for unit, widget, and integration verification.

Additional surface areas include AI integration for model-agnostic APIs and text-to-UI conversion, alongside a suite of UI components, physics-based animations, and monitoring tools for application performance profiling and crash reporting.
- [jsx-eslint/eslint-plugin-react](https://awesome-repositories.com/repository/jsx-eslint-eslint-plugin-react.md) (9,287 ⭐) — This project is an ESLint plugin and static analysis tool designed to enforce best practices, prevent bugs, and maintain code quality in React projects. It functions as a specialized JSX linter that analyzes the syntax and structure of components to detect anti-patterns and API misuse.

The plugin distinguishes itself by providing deep analysis of React-specific patterns, such as detecting state race conditions, preventing nested component definitions, and identifying unstable references that cause unnecessary re-renders. It also includes security hardening rules to identify vulnerabilities like cross-site scripting and unsafe DOM attributes within markup.

Beyond core logic, the tool covers a wide range of capabilities including architectural enforcement, performance optimization, and comprehensive style standardization. It provides automated rule fixing and curated configuration presets to maintain consistent naming conventions, prop definitions, and formatting across a codebase.
- [javascript-tutorial/en.javascript.info](https://awesome-repositories.com/repository/javascript-tutorial-en-javascript-info.md) (25,344 ⭐) — This project is a comprehensive JavaScript programming tutorial and language reference. It serves as a web development education resource providing instruction on modern language fundamentals, object-oriented design, and advanced asynchronous programming patterns.

The resource functions as both a frontend development guide and a technical reference. It covers core language features such as closures, prototypes, promises, and typed arrays, while providing practical lessons on managing browser data and handling network requests.

The content spans several key capability areas, including browser API integration, data structure manipulation, and frontend web development. It specifically covers the manipulation of the document object model, the handling of browser events, and the creation of reusable web components.

The documentation is delivered as a collection of static-site generated pages created from markdown files.
- [greatfrontend/top-reactjs-interview-questions](https://awesome-repositories.com/repository/greatfrontend-top-reactjs-interview-questions.md) (5,691 ⭐) — This project is a comprehensive interview preparation guide and technical study resource for React. It functions as a frontend engineering curriculum and coding challenge bank designed to help developers master the internal mechanics, patterns, and core fundamentals of the React ecosystem.

The resource distinguishes itself by providing a curated collection of technical interview questions, conceptual quizzes, and expert solutions. It includes a bank of coding challenges that can be solved in a browser-based environment with automated test cases and real-time rendering, as well as research into company-specific interview patterns.

The curriculum covers a broad range of capabilities, including state management, performance optimization, and quality assurance strategies. It provides detailed guidance on architectural primitives, UI rendering, error handling, and frontend testing workflows.
- [ravirupareliya/rn-in-app-review](https://awesome-repositories.com/repository/ravirupareliya-rn-in-app-review.md) (78 ⭐) — React Native package to add in-app review functionality for Android and iOS applications
- [pumasecurity/puma-scan](https://awesome-repositories.com/repository/pumasecurity-puma-scan.md) (0 ⭐) — Puma Scan is a .NET software secure code analysis tool providing real-time, continuous source code analysis as development teams write code. In Visual Studio, vulnerabilities are immediately displayed in the development environment as spell-check and compiler warnings, preventing security bugs…
- [crowdsecurity/crowdsec](https://awesome-repositories.com/repository/crowdsecurity-crowdsec.md) (12,574 ⭐) — CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions.

What distinguishes the project is its decoupled enforcement model, which offloads active blocking to lightweight external components known as bouncers. These bouncers query the central API to synchronize threat intelligence and apply real-time remediation across distributed environments. The system also features a hub-based configuration management framework, allowing users to download and deploy community-curated security scenarios, parsers, and collections to ensure consistent protection against evolving threats.

The platform provides a comprehensive suite of tools for security operations, including automated log parsing pipelines, event-driven plugin systems for notification workflows, and extensive command-line utilities for infrastructure management. It supports flexible deployment patterns across standalone, containerized, and cloud-native environments, enabling centralized orchestration of security agents and fleet-wide monitoring of threat activity.

The project includes a robust documentation and command-line interface that facilitates the lifecycle management of security components, from initial service discovery and configuration to the validation of detection logic and the auditing of active security policies.
- [aidenybai/react-scan](https://awesome-repositories.com/repository/aidenybai-react-scan.md) (21,370 ⭐) — React Scan is a diagnostic utility and performance auditor designed to monitor the rendering lifecycle of components within user interfaces. It functions as an automated analysis tool that tracks component re-render cycles and execution timing to identify performance bottlenecks in real time.

The tool distinguishes itself by providing visual feedback through a persistent overlay injected directly into the application. By instrumenting the reconciliation process and observing component state and props, it highlights specific rendering patterns that contribute to performance degradation.

This utility covers a broad range of observability and debugging capabilities, focusing on the analysis of component update behavior. It is intended for use during development to troubleshoot and optimize the execution speed of complex component trees.
- [photoprism/photoprism](https://awesome-repositories.com/repository/photoprism-photoprism.md) (39,816 ⭐) — PhotoPrism is a self-hosted digital asset management platform designed to organize, classify, and manage large collections of photos and videos on personal infrastructure. It functions as a private alternative to cloud-based services, ensuring that all media remains under the user's control. The platform utilizes neural-network-based media analysis to automatically detect objects, faces, and locations, providing a comprehensive, AI-powered approach to library organization.

The project distinguishes itself through its containerized architecture, which simplifies deployment and lifecycle management across diverse hardware environments. It features an asynchronous background worker system that handles compute-intensive tasks like transcoding and thumbnail generation, ensuring the web interface remains responsive even during large-scale indexing operations. Furthermore, it employs a sidecar-based metadata persistence model, storing information in external files alongside original assets to maintain data portability and independence from the primary database.

Beyond its core organization capabilities, the platform provides a robust suite of tools for library management, including duplicate detection, geospatial mapping, and advanced metadata-based search. It supports secure, authenticated access through a responsive web interface and offers granular control over media sharing and privacy settings. Users can extend the platform's functionality through custom AI model configurations and integrate it with external identity providers for centralized authentication.

The application is distributed as a containerized service, typically managed via Docker Compose, and includes comprehensive documentation for deployment, database maintenance, and performance optimization on various hardware architectures.
- [juanmamenendez/autohotkey-script-open-show-apps](https://awesome-repositories.com/repository/juanmamenendez-autohotkey-script-open-show-apps.md) (149 ⭐) — AutoHotkey script to open, restore, or minimize Windows and Chrome apps using hotkeys
- [cure53/dompurify](https://awesome-repositories.com/repository/cure53-dompurify.md) (16,638 ⭐) — DOMPurify is a security-focused library designed to sanitize untrusted HTML input, preventing cross-site scripting attacks by stripping malicious code while preserving safe content. It functions as a utility for secure document object model manipulation, ensuring that user-provided rich text can be rendered safely within web applications.

The library distinguishes itself through a single-pass, mutation-observer-free processing model that operates on detached document fragments to avoid triggering unintended side effects. It employs recursive node traversal and context-aware logic to inspect and neutralize dangerous elements at any depth, validating all markup against a strictly defined allowlist of permitted tags and attributes.

Beyond basic sanitization, the project provides comprehensive support for browser-level security standards, including integration with trusted types policies. This ensures that sanitized output is compatible with modern security requirements, preventing the injection of unverified strings into sensitive document sinks. The library is available as a standalone package and includes a polyfill to maintain consistent security enforcement across different browser environments.
- [curl/curl](https://awesome-repositories.com/repository/curl-curl.md) (42,214 ⭐) — Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications.

The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchronous network transfers. It features a non-blocking event loop that enables multiple simultaneous transfers within a single thread, alongside a connection pooling mechanism that reuses network sockets to minimize latency. Security is a primary focus, implemented through a pluggable architecture that supports various cryptographic backends, native certificate store integration, and comprehensive authentication mechanisms for protected resources.

Beyond core data movement, the project includes extensive support for modern networking standards, including HTTP/3, WebSockets, and MQTT. It offers sophisticated state management through a built-in cookie engine and provides granular control over request headers, URL construction, and batch processing. These capabilities are supported by robust debugging tools that allow for the inspection of raw request and response data during development.

The project is distributed with standard configuration scripts and package management support to facilitate integration into diverse build environments.
- [rexxars/react-markdown](https://awesome-repositories.com/repository/rexxars-react-markdown.md) (15,773 ⭐) — react-markdown is a React renderer that converts markdown text into a virtual DOM to safely display formatted content. It functions as a markdown syntax parser and renderer that transforms markdown strings into structural elements, ensuring XSS-safe content delivery.

The project allows for the mapping of standard markdown elements to custom React components for specialized styling and behavior. It supports syntax extensions through a plugin system, enabling additional formatting features such as tables, footnotes, and tasklists.

The system includes security primitives for HTML and URL sanitization, using element filtering and schema-based validation to remove unsafe tags. It also supports asynchronous plugin processing for data fetching during the transformation process.
