Toolset for detecting reflected xss in websites
☆114Oct 7, 2018Updated 7 years ago
Alternatives and similar repositories for xssfinder
Users that are interested in xssfinder are comparing it to the libraries listed below
Sorting:
- ☆250Jun 6, 2018Updated 7 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆187Aug 3, 2019Updated 6 years ago
- Simple multi threaded tool to extract domain related data from commoncrawl.org☆31Jul 17, 2018Updated 7 years ago
- A better dns bruteforcer written in golang☆13Nov 4, 2018Updated 7 years ago
- ��☆32Apr 6, 2021Updated 4 years ago
- Automatic tool for DNS rebinding-based SSRF attacks☆304Aug 21, 2020Updated 5 years ago
- Generates permutations, alterations and mutations of subdomains. Auto Resolve what we find.☆11Dec 8, 2020Updated 5 years ago
- A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!☆87Apr 3, 2020Updated 5 years ago
- a .js scanner, built in php. designed to scrape urls and other info☆228Aug 22, 2017Updated 8 years ago
- Extract subdomains from SSL certificates in HTTPS sites.☆389Mar 3, 2025Updated last year
- bountytpl – template generator cli. By using a template similar to the ones for Template Generator (https://github.com/fransr/template-ge…☆47Aug 5, 2019Updated 6 years ago
- Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack☆41Dec 23, 2022Updated 3 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆26Dec 12, 2018Updated 7 years ago
- A mini webserver with FTP support for XXE payloads☆341Jan 3, 2024Updated 2 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- A permutation generation tool written in golang☆209Jul 15, 2019Updated 6 years ago
- DOM XSS scanner for Single Page Applications☆414Nov 15, 2025Updated 3 months ago
- Retrieve the complete build history for every job ever created and executed on a given Jenkins instance.☆67Apr 25, 2025Updated 10 months ago
- ☆11Aug 25, 2018Updated 7 years ago
- Bug Bounty statistics tool.☆33Nov 17, 2022Updated 3 years ago
- Print out URL schemas from an Android app☆128Feb 9, 2025Updated last year
- A tool for fetching archived URLs (to be rewritten in Go).☆41Jul 19, 2018Updated 7 years ago
- Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions☆226Mar 29, 2022Updated 3 years ago
- Collection of scripts that aid in penetration testing of JSON Web Tokens☆59Feb 2, 2019Updated 7 years ago
- Burp plugin able to find reflected XSS on page in real-time while browsing on site☆1,203Feb 2, 2021Updated 5 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆318May 22, 2023Updated 2 years ago
- A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms ti…☆96Jun 5, 2021Updated 4 years ago
- Tool to try multiple paths for PHPunit RCE CVE-2017-9841☆29Oct 18, 2021Updated 4 years ago
- WebBorer is a directory-enumeration tool written in Go.☆44Mar 7, 2023Updated 3 years ago
- Pentest/BugBounty progress control with scanning modules☆281Jul 16, 2020Updated 5 years ago
- Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.☆629Mar 18, 2022Updated 3 years ago
- ☆20Jan 25, 2019Updated 7 years ago
- ☆332Jan 8, 2018Updated 8 years ago
- jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.☆154Feb 15, 2021Updated 5 years ago
- Burp Suite Extension to monitor new scope☆200Mar 31, 2021Updated 4 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆677Jan 28, 2024Updated 2 years ago
- The Serverless Blind XSS App☆338Feb 21, 2026Updated 2 weeks ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆305Oct 14, 2018Updated 7 years ago
- This tool can be used to brute discover GET and POST parameters☆1,393Aug 24, 2019Updated 6 years ago