Alternatives and similar repositories for Recon

Users that are interested in Recon are comparing it to the libraries listed below

• 1hack0 / bug-bounty-101
  Happy Hunting
  ☆138Updated 6 years ago
• PortSwigger / j2ee-scan
  J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tes…
  ☆74Updated 4 years ago
• p3n73st3r / Ghazi
  Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W…
  ☆107Updated 6 years ago
• CHYbeta / WAF-Bypass
  WAF Bypass Cheatsheet
  ☆214Updated 8 years ago
• paralax / xss-labs
  small set of scripts to practice exploit XSS and CSRF vulnerabilities
  ☆64Updated 8 years ago
• jas502n / SpringBootVulExploit
  SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 checklist
  ☆30Updated 5 years ago
• hktalent / CVE-2020-2551
  how detect CVE-2020-2551 poc exploit python Weblogic RCE with IIOP
  ☆212Updated 2 years ago
• m6a-UdS / ssrf-lab
  Lab for exploring SSRF vulnerabilities
  ☆247Updated 4 years ago
• gh0stkey / JSONandHTTPP
  Burp Suite Plugin: Convert the json text that returns the body into HTTP request parameters.
  ☆103Updated 4 years ago
• Lopseg / Jsdir
  Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.
  ☆120Updated 5 years ago
• aldaor / HackerOneReports
  Here you can find mostly all disclosed h1 reports
  ☆350Updated 3 years ago
• zer0yu / Berserker
  A list of useful payloads for Web Application Security and Pentest/CTF
  ☆308Updated last year
• PortSwigger / authz
  ☆108Updated 8 years ago
• theLSA / burp-sensitive-param-extractor
  burpsuite extension for check and extract sensitive request parameter
  ☆115Updated 5 years ago
• veracode-research / actuator-testbed
  A vulnerable application exposing Spring Boot Actuators
  ☆123Updated 6 years ago
• xawdxawdx / sentrySSRF
  Tool to searching sentry config on page or in javascript files and check blind SSRF
  ☆71Updated last year
• jas502n / cve-2019-2618
  Weblogic Upload Vuln(Need username password)-CVE-2019-2618
  ☆174Updated 6 years ago
• mpgn / Spring-Boot-Actuator-Exploit
  Spring Boot Actuator (jolokia) XXE/RCE
  ☆324Updated 5 years ago
• artsploit / SecLists
  SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in …
  ☆142Updated 6 years ago
• rakjong / BurpPlugin_Shiro
  判断是否使用shiro的burp插件
  ☆10Updated 5 years ago
• ZephrFish / XSSPayloads
  Cross Site Scripting Payloads -- Variations
  ☆72Updated 8 months ago
• masahiro331 / CVE-2020-9484
  ☆127Updated 4 years ago
• rabbitmask / WeblogicScanLot
  WeblogicScanLot系列，Weblogic漏洞批量检测工具，V2.2
  ☆185Updated 5 years ago
• Echocipher / Subdomain-Takeover
  一个子域名接管检测工具
  ☆142Updated 4 years ago
• coco413 / DiscoverSubdomain
  前渗透信息探测工具集-子域名
  ☆137Updated 7 years ago
• Ridter / get_ip_by_ico
  从shodan获取使用了相同favicon.ico的网站
  ☆191Updated 6 years ago
• theLSA / burp-unauth-checker
  burpsuite extension for check unauthorized vulnerability
  ☆237Updated 5 years ago
• jiangsir404 / Xss-Sql-Fuzz
  burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
  ☆63Updated 7 years ago
• LandGrey / abuse-ssl-bypass-waf
  Bypassing WAF by abusing SSL/TLS Ciphers
  ☆319Updated 4 years ago
• TheTwitchy / xxer
  A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
  ☆520Updated 5 years ago