WebHackersWeapons/categorize/langs/JavaScript.md


## The JavaScript based tools

| Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- |
|Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
Update pages 2022-10-07 15:21:49 +00:00
Deploy README.md and Categorize Docs 2022-10-07 15:26:09 +00:00			`## The JavaScript based tools`
Update pages 2022-10-07 15:21:49 +00:00
			`\| Type \| Name \| Description \| Star \| Tags \| Badges \|`
			`\| --- \| --- \| --- \| --- \| --- \| --- \|`
Deploy README.md and Categorize Docs 2022-10-07 15:34:03 +00:00			\|Recon\|[rengine](https://github.com/yogeshojha/rengine)\|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. \|![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			`\|Recon\|[DotGit](https://github.com/davtur19/DotGit)\|An extension for checking if .git is exposed in visited websites\|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Recon\|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)\|\|![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			\|Fuzzer\|[jwt-cracker](https://github.com/lmammino/jwt-cracker)\|Simple HS256 JWT token brute force cracker \|![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)\|[`jwt`](/categorize/tags/jwt.md)\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			`\|Scanner\|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)\|XS-Leak Browser Test Suite\|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Scanner\|[jsprime](https://github.com/dpnishant/jsprime)\|a javascript static security analysis tool\|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Scanner\|[PPScan](https://github.com/msrkp/PPScan)\|Client Side Prototype Pollution Scanner\|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			\|Scanner\|[DOMPurify](https://github.com/cure53/DOMPurify)\|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:\|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)\|[`xss`](/categorize/tags/xss.md)\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			`\|Scanner\|[github-search](https://github.com/gwen001/github-search)\|Tools to perform basic search on GitHub. \|![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			\|Scanner\|[domdig](https://github.com/fcavallarin/domdig)\|DOM XSS scanner for Single Page Applications \|![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)\|[`xss`](/categorize/tags/xss.md)\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			`\|Exploit\|[singularity](https://github.com/nccgroup/singularity)\|A DNS rebinding attack framework.\|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Utils\|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)\|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.\|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			\|Utils\|[eval_villain](https://github.com/swoops/eval_villain)\|A Firefox Web Extension to improve the discovery of DOM XSS.\|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)\|[`xss`](/categorize/tags/xss.md)\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			`\|Utils\|[clear-cache](https://github.com/TenSoja/clear-cache)\|Add-on to clear browser cache with a single click or via the F9 key.\|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Utils\|[wssip](https://github.com/nccgroup/wssip)\|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.\|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Utils\|[quickjack](https://github.com/samyk/quickjack)\|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.\|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			\|Utils\|[jsfuck](https://github.com/aemkei/jsfuck)\|Write any JavaScript with 6 Characters\|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)\|[`xss`](/categorize/tags/xss.md)\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			\|Utils\|[template-generator](https://github.com/fransr/template-generator)\|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. \|![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			\|Utils\|[xssor2](https://github.com/evilcos/xssor2)\|XSS'OR - Hack with JavaScript.\|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)\|[`xss`](/categorize/tags/xss.md)\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			\|Utils\|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)\|JWT En/Decode and Verify\|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)\|[`jwt`](/categorize/tags/jwt.md)\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|
			`\|Utils\|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)\|XSS payloads designed to turn alert(1) into P1\|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Utils\|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)\|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon\|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Utils\|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)\|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies\|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Utils\|[CyberChef](https://github.com/gchq/CyberChef)\|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis \|![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
			`\|Utils\|[community-scripts](https://github.com/zaproxy/community-scripts)\|\|![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)\|\|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)\|`
Update pages 2022-10-07 15:21:49 +00:00