lhaelmgfjpbojjjhpnbnjlhbkfemglik
Security testing: inject payloads into input fields. XSS, SQLi, optional Smart-Injection (heuristic category) and more.

XSSassin: The Ultimate Payload Injector for Pentesters & Bug Bounty Hunters

XSSassin is an advanced security testing extension designed specifically for ethical hackers, penetration testers, and security-conscious developers. Seamlessly inject common attack payloads directly into web page input fields to test for vulnerabilities like XSS, SQLi, and more—all with a single click!

1. Per-site enable — Stays off until you enable it for the current origin, so normal browsing stays clean. Runs in iframes when enabled (all_frames).
2. Hover inject — Focus a text field, textarea, or contenteditable control; a small control appears so you can inject using your configured defaults.
3. In-page payload panel — Pick payloads by category (built-ins + Custom) without leaving the page.
4. Smart-Injection (optional) — Infers a likely payload category from the field (name, id, placeholder, type, autocomplete, etc.) and page URL. Biases random picks; does not run when you lock a fixed default payload or use Custom → Random (custom list only).
5. Auto fill all — Fills every matching input on the page. With Smart-Injection on, each field can get a different inferred category.
6. Copy payload — Copies a payload to the clipboard per your rules; with Smart-Injection, prefers the currently focused field when possible.
7. Default & random behavior — Popup lets you set category scope (all categories, one category, or Custom only), optional specific preset, and “Random (no default)” rules.

🛠 WHO IS THIS FOR?
QA Engineers and Developers ensuring their forms are sanitized and secure.

⚠️ IMPORTANT / DISCLAIMER: XSSassin is built strictly for educational purposes and authorized ethical hacking. Only use this tool on applications you own or have explicit permission to test. The developers assume no liability for misuse.
SecuriScanX
Harden your input points - detect SQLi, XSS & CMDi within seconds.

SecuriScanX: Your One-Click Website Security Guard

SecuriScanX is a powerful but easy-to-use tool designed to keep websites safe from hackers. It works like a digital security guard, automatically checking any web page for common security weaknesses in seconds.

🚀 Why it’s a Game-Changer for Bug Hunters & Pentesters

For those in Web Pentesting and Bug Bounty, speed and efficiency are everything. SecuriScanX acts as your first line of attack during the reconnaissance phase:
▶ Fast Surface Analysis: Instead of manually testing every single input, run SecuriScanX to quickly identify which fields are vulnerable to SQLi, XSS, or Command Injection.
▶ Information Gathering (Passive Scan): It automatically uncovers hidden details like sensitive info in HTML comments, missing security headers, and cookie configurations that could lead to bigger exploits.
▶ Intelligent Fuzzing: The tool doesn't just "guess"; it uses intelligent context detection to send the right payloads to the right fields (e.g., login-specific payloads for auth forms).
▶ Automated "Low-Hanging Fruit" Discovery: It saves you hours of manual work by flagging obvious vulnerabilities instantly, allowing you to focus your energy on more complex manual exploits.

Who is it for?
▶ Bug Hunters & Pentesters: To speed up their initial testing and find easy vulnerabilities.
▶ Developers: To quickly find and fix security bugs before they go live.
▶ Security Learners: To understand how real-world cyber threats look and work.

Key Features:
▶ Automatic Scanning: Scans input boxes (username, password, search) to see if they are properly protected.
▶ OWASP Top 10 Focus: Detects critical issues like SQLi, XSS, and Command Injections (CMDi).
▶ Passive Reconnaissance: Inspects HTML comments, Security Headers, and Cookies for bad configurations.
▶ Visual Highlighter: If a weakness is found, it highlights the exact area on the webpage in red or orange.
Wayback Recon Pro
Reconnaissance toolkit for Wayback Machine archives. Extract URLs, subdomains, parameters, and sensitive files.

Transform your security reconnaissance with the most advanced Wayback Machine interface available. Designed for bug bounty hunters, penetration testers, and security researchers who demand professional-grade tools.

• Main Domain Scanner - Retrieve all archived URLs from primary domain
• Wildcard Domain Search - Include all subdomains in reconnaissance
• Specific Path Targeting - Focus on exact URL paths for precise analysis
• Sensitive File Hunter - Automatically detect config files, backups, database files, keys, and secrets
• JavaScript Extractor - Isolate all .js files for API endpoint discovery
• Parameter Discovery - Find URLs with query strings for vulnerability testing
• Subdomain Enumeration - Collect comprehensive subdomain lists
• Status Code Filtering - Filter results by HTTP response codes
• Clean, modern interface designed for productivity
• Intuitive controls with hover tooltips
• Real-time status notifications
• Auto-domain extraction from current tab
• Glassmorphism design with smooth animations
• 100% free - no subscriptions or hidden costs
• No data collection or tracking
• Direct queries to Wayback Machine API
• Open source and transparent
• Minimal permissions required

Perfect for security professionals conducting reconnaissance, bug bounty hunting, or digital forensics research. All features work instantly without account creation.

Crafted for professionals by LostSec.
XSSRush
An automatic XSS scanner.

XSSRush (XSSR) is an automated XSS scanner that quickly identifies vulnerabilities in web applications.
CyberInject
Professional security testing toolkit for ethical hackers and penetration testers.

CyberInject is a professional security testing toolkit designed for authorized penetration testers and ethical hackers.

Payload Collections
- XSS Payloads - 15 cross-site scripting test vectors
- SQL Injection - 15 database injection payloads
- SSRF - 12 server-side request forgery tests
- LFI - 12 local file inclusion vectors
- Other Vulnerabilities - 15 additional security tests including XXE, SSTI, Command Injection, and Log4Shell

Enhanced Tools
- Encoding/Decoding Tools - URL, Base64, HTML Entity, and Hex encoding/decoding
- Payload Variation Generator - Automatically generate multiple variations of payloads (case changes, encoding, obfuscation)
- Character Counter - Count characters, words, and lines in your payloads
- Custom Payloads - Add, organize, and permanently save your own custom injection payloads

Smart Features
- Real-time Search - Instantly search through all payloads, tools, and references across all categories
- Session History - Automatic tracking of all copied payloads with timestamps for audit trails
- One-click Copying - Quick clipboard integration with visual feedback
- Reference Library - Quick access to HTTP status codes, common ports, OWASP Top 10, and security resources
- Intuitive Tabbed Interface - Organized by vulnerability type with smooth navigation
- Keyboard Shortcuts - Press 1-8 to quickly switch between categories
- Professional Design - Clean, security-focused interface with smooth scrolling fade effects
- Smart Search Bar - Filter payloads in real-time as you type
- Persistent Storage - All custom payloads and history saved permanently across browser sessions
- Instant History Updates - See your testing history update immediately as you work

PERFECT FOR:
- Security professionals and penetration testers
- Bug bounty hunters conducting authorized research
- Security training and educational purposes
- Authorized vulnerability assessments
- Red team operations and security audits
- Researchers who need to organize and track custom payloads
- Teams who need consistent payload references

This extension provides quick access to common security testing payloads without requiring external tools or references. All features work offline with no network requests or data collection. Custom payloads and history are saved permanently using browser storage (chrome.storage API) and will persist across extension sessions.

The extension includes:
- 69+ pre-loaded security testing payloads
- 6 encoding/decoding tools
- Comprehensive reference documentation
- Unlimited custom payload storage
- Complete session history tracking
- Real-time search across all content

This tool is intended solely for authorized security testing. Users must obtain explicit written permission before testing any systems and comply with all applicable laws. Unauthorized use is prohibited and may be illegal in your jurisdiction.

Want to explore the source code or contribute? Check out the project on GitHub: https://github.com/CyberNilsen/CyberInject

Version 1.3.0 - Now with enhanced search, history tracking, encoding tools, and improved user experience!