Test a method against a list of XSS known.

Related tags

Security php-xss-tests
Overview

php-xss-tests

Test a method against a list of XSS known.

How to run

Just execute "run.sh", it will start a docker container to do all stuff.

How I know if my code was successfull ?

After run the container the dirs/files below will be created:

  • html/
    • [timestamp]/
      • xss/ <- HTML with XSS
        • *.html
      • no-xss/ <- HTML with cleanned XSS
        • *.html
  • report/
    • report.[timestamp].csv

You should open the HTML to see if XSS is working, if not your code was successfull.

About the XSS list

All the XSS in "xss-fixture.txt" was obtained from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

Known issues

The "html" dir is creted from the container and is owned by "root" user.

You might also like...
Enable method chaining or fluent expressions for any value and method.

PHP Pipe Operator A (hopefully) temporary solution to implement the pipe operator in PHP. Table of contents Requirements How to install How to use The

Sebastiaan Luca 268 Dec 26, 2022
A Composer script to run a 'test' or 'spec' Composer script against multiple PHP versions.

composer-multitest composer-multitest is a Composer script that runs a test or spec Composer script against multiple PHP versions managed by PHPBrew o

Raphael Stolt 5 Aug 27, 2019
Record your test suite's HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests.
Record your test suite's HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests.

This is a port of the VCR Ruby library to PHP. Record your test suite's HTTP interactions and replay them during future test runs for fast, determinis

php-vcr 1.1k Dec 23, 2022
this package can help you to test race condition in Laravel Feature Test
this package can help you to test race condition in Laravel Feature Test

Laravel Async Testing this package can help you to test race condition in Laravel Feature Test Requirements Laravel versions 5.7, 6.x, 7.x and 8.x PHP

Recca Tsai 61 Nov 5, 2022
SNIA SSS PTS test suite based on SNIA's Solid State Storage Performance Test Specification for Transcend products
SNIA SSS PTS test suite based on SNIA's Solid State Storage Performance Test Specification for Transcend products

SNIA-SSS-PTS ABSTRACT SNIA SSS PTS describes a solid state storage device-level performance test methodology, test suite and reporting format intended

Transcend Information, Inc. 6 Nov 2, 2022
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

PHPMD PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly

PHP Mess Detector 2.1k Jan 8, 2023
The Current US Version of PHP-Nuke Evolution Xtreme v3.0.1b-beta often known as Nuke-Evolution Xtreme. This is a hardened version of PHP-Nuke and is secure and safe. We are currently porting Xtreme over to PHP 8.0.3
The Current US Version of PHP-Nuke Evolution Xtreme v3.0.1b-beta often known as Nuke-Evolution Xtreme. This is a hardened version of PHP-Nuke and is secure and safe. We are currently porting Xtreme over to PHP 8.0.3

2021 Nightly Builds Repository PHP-Nuke Evolution Xtreme Developers TheGhost - Ernest Allen Buffington (Lead Developer) SeaBeast08 - Sebastian Scott B

Ernest Buffington 7 Aug 28, 2022
Known: a social group platform
Known: a social group platform

Known: a social group platform Installation One-click Known sites If you want to install on your own web space, we recommend Reclaim Hosting, which in

Known 972 Dec 28, 2022
Pokeproject is a web application born from my passion for the known franchise Pokémon.
Pokeproject is a web application born from my passion for the known franchise Pokémon.

POKEPROJECT Gotta catch em' all! About Pokeproject Pokeproject is a web application born from my passion for the known franchise Pokémon. I decided to

Alex 2 Jun 10, 2022
A Laravel package for quickly adding .well-known URLs

A Laravel package for quickly adding .well-known URLs well-known is a Laravel package for quickly adding well-known locations (RFC8615) to a Laravel a

Kim Hallberg 2 Sep 13, 2022
SPAM Registration Stopper is a Q2A plugin that prevents highly probable SPAM user registrations based on well-known SPAM checking services and other techniques

SPAM Registration Stopper [by Gabriel Zanetti] Description SPAM Registration Stopper is a Question2Answer plugin that prevents highly probable SPAM us

Gabriel Zanetti 2 Jan 23, 2022
PHP Class Encoding featuring popular Encoding::toUTF8() function --formerly known as forceUTF8()-- that fixes mixed encoded strings.
PHP Class Encoding featuring popular Encoding::toUTF8() function --formerly known as forceUTF8()-- that fixes mixed encoded strings.

forceutf8 PHP Class Encoding featuring popular \ForceUTF8\Encoding::toUTF8() function --formerly known as forceUTF8()-- that fixes mixed encoded strin

Sebastián Grignoli 1.6k Dec 22, 2022
Audit your PHP version for known CVEs and patches

PHP Version Audit PHP Version Audit is a convenience tool to easily check a given PHP version against a regularly updated list of CVE exploits, new re

Daniel 103 Dec 19, 2022
This library extends the 'League OAuth2 Client' library to provide OpenID Connect Discovery support for supporting providers that expose a .well-known configuration endpoint.

OpenID Connect Discovery support for League - OAuth 2.0 Client This library extends the League OAuth2 Client library to provide OpenID Connect Discove

null 3 Jan 8, 2022
PHP Template Attribute Language — template engine for XSS-proof well-formed XHTML and HTML5 pages

PHPTAL - Template Attribute Language for PHP Requirements If you want to use the builtin internationalisation system (I18N), the php-gettext extension

PHPTAL 175 Dec 13, 2022
Second Stage XSS

SSX Second Stage XSS, This tool will help you to exploit XSS more deeply. Installation: Clone this project This app need permission to write on curren

Dimaz Arno 5 Jul 23, 2022
A simple place to learn XSS
A simple place to learn XSS

XSSPlayground A simple place to learn XSS. Made for myself to learn and to help others (please do use!) Disclaimer This is a works in progress and wil

ac1d 23 Jun 21, 2022
XSS, CSRF, SQLi, RFI attacks/defences in eClass site.

Open eClass 2.3 Disclaimer This repository contained a vulnerable version of eclass (check very first commit for initial version, if you want to exper

Vissarion Moutafis 10 Feb 14, 2022
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

TYPO3 GitHub Department 22 Dec 14, 2022
Owner
null
GitHub
XSS, CSRF, SQLi, RFI attacks/defences in eClass site.

Open eClass 2.3 Disclaimer This repository contained a vulnerable version of eclass (check very first commit for initial version, if you want to exper

Vissarion Moutafis 10 Feb 14, 2022
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

TYPO3 GitHub Department 18 Jul 18, 2022
🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

Optimus id transformation With this library, you can transform your internal id's to obfuscated integers based on Knuth's integer hash. It is similar

Jens Segers 1.2k Jan 2, 2023
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected i

Daniel Miessler 44.1k Jan 7, 2023
Security advisories as a simple composer exclusion list, updated daily

Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa

Roave, LLC 2.5k Jan 5, 2023
QaraTMS is open source test case, test suites, test plans and test runs management tool.

QaraTMS - Open Source Test Management System QaraTMS is open source test management software for managing test suites, test cases, test plans, test ru

Alex H 29 Dec 22, 2022
㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

㊙️ AntiXSS "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inje

Lars Moelleken 570 Dec 16, 2022
FilterGuard is a simple PHP library for sanitizing data. It provides methods to sanitize strings, integers, floats, booleans, arrays, and objects. The library helps protect against common security vulnerabilities such as XSS and SQL injection.

FilterGuard FilterGuard is a simple PHP library for data sanitization. It provides methods to sanitize strings, integers, floats, boolean values, arra

Dobren Dragojević 6 Jun 11, 2023
List of Magento extensions with known security issues.

Magento Vulnerability Database List of Magento 1 and 2 integrations with known security issues. Objective: easily identify insecure 3rd party software

Sansec 184 Dec 7, 2022