Alternatives and similar repositories for xssfinder

Users that are interested in xssfinder are comparing it to the libraries listed below

• zseano / InputScanner

  View on GitHub
  ☆250Jun 6, 2018Updated 7 years ago
• Damian89 / extended-xss-search

  View on GitHub
  A better version of my xssfinder tool - scans for different types of xss on a list of urls.
  ☆188Aug 3, 2019Updated 6 years ago
• Damian89 / commonCrawlParser

  View on GitHub
  Simple multi threaded tool to extract domain related data from commoncrawl.org
  ☆31Jul 17, 2018Updated 7 years ago
• cosmoscrew / gomassdns

  View on GitHub
  A better dns bruteforcer written in golang
  ☆13Nov 4, 2018Updated 7 years ago
• incogbyte / jsearch

  View on GitHub
  ☆31Apr 6, 2021Updated 4 years ago
• daeken / httprebind

  View on GitHub
  Automatic tool for DNS rebinding-based SSRF attacks
  ☆304Aug 21, 2020Updated 5 years ago
• bp0lr / altdns

  View on GitHub
  Generates permutations, alterations and mutations of subdomains. Auto Resolve what we find.
  ☆11Dec 8, 2020Updated 5 years ago
• pry0cc / subgen

  View on GitHub
  A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!
  ☆87Apr 3, 2020Updated 5 years ago
• zseano / JS-Scan

  View on GitHub
  a .js scanner, built in php. designed to scrape urls and other info
  ☆226Aug 22, 2017Updated 8 years ago
• franccesco / getaltname

  View on GitHub
  Extract subdomains from SSL certificates in HTTPS sites.
  ☆388Mar 3, 2025Updated 11 months ago
• fransr / bountytpl

  View on GitHub
  bountytpl – template generator cli. By using a template similar to the ones for Template Generator (https://github.com/fransr/template-ge…
  ☆48Aug 5, 2019Updated 6 years ago
• codewatchorg / Burp-IndicatorsOfVulnerability

  View on GitHub
  Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack
  ☆41Dec 23, 2022Updated 3 years ago
• eur0pa / goGetBucket

  View on GitHub
  A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
  ☆26Dec 12, 2018Updated 7 years ago
• staaldraad / xxeserv

  View on GitHub
  A mini webserver with FTP support for XXE payloads
  ☆342Jan 3, 2024Updated 2 years ago
• bayotop / off-by-slash

  View on GitHub
  Burp extension to detect alias traversal via NGINX misconfiguration at scale.
  ☆265Nov 18, 2021Updated 4 years ago
• subfinder / goaltdns

  View on GitHub
  A permutation generation tool written in golang
  ☆206Jul 15, 2019Updated 6 years ago
• fcavallarin / domdig

  View on GitHub
  DOM XSS scanner for Single Page Applications
  ☆417Nov 15, 2025Updated 3 months ago
• lc / jenkinz

  View on GitHub
  Retrieve the complete build history for every job ever created and executed on a given Jenkins instance.
  ☆67Apr 25, 2025Updated 9 months ago
• gwen001 / BBstats

  View on GitHub
  Bug Bounty statistics tool.
  ☆33Nov 17, 2022Updated 3 years ago
• kobs0N / iOS-Penetration-Test-Tools

  View on GitHub
  ☆11Aug 25, 2018Updated 7 years ago
• teknogeek / get_schemas

  View on GitHub
  Print out URL schemas from an Android app
  ☆128Feb 9, 2025Updated last year
• EdOverflow / curate

  View on GitHub
  A tool for fetching archived URLs (to be rewritten in Go).
  ☆41Jul 19, 2018Updated 7 years ago
• netscylla / JWT_Hacking

  View on GitHub
  Collection of scripts that aid in penetration testing of JSON Web Tokens
  ☆59Feb 2, 2019Updated 7 years ago
• infosec-au / enumXFF

  View on GitHub
  Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
  ☆226Mar 29, 2022Updated 3 years ago
• elkokc / reflector

  View on GitHub
  Burp plugin able to find reflected XSS on page in real-time while browsing on site
  ☆1,201Feb 2, 2021Updated 5 years ago
• lc / theftfuzzer

  View on GitHub
  TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.
  ☆318May 22, 2023Updated 2 years ago
• BugBountyResources / Resources

  View on GitHub
  A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms ti…
  ☆96Jun 5, 2021Updated 4 years ago
• RandomRobbieBF / phpunit-brute

  View on GitHub
  Tool to try multiple paths for PHPunit RCE CVE-2017-9841
  ☆29Oct 18, 2021Updated 4 years ago
• Matir / webborer

  View on GitHub
  WebBorer is a directory-enumeration tool written in Go.
  ☆44Mar 7, 2023Updated 2 years ago
• c0rv4x / project-black

  View on GitHub
  Pentest/BugBounty progress control with scanning modules
  ☆281Jul 16, 2020Updated 5 years ago
• TheHackerDev / race-the-web

  View on GitHub
  Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
  ☆628Mar 18, 2022Updated 3 years ago
• C-Sto / Jaqen

  View on GitHub
  ☆20Jan 25, 2019Updated 7 years ago
• bugbountyforum / XSS-Radar

  View on GitHub
  ☆332Jan 8, 2018Updated 8 years ago
• kapytein / jsonp

  View on GitHub
  jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.
  ☆154Feb 15, 2021Updated 5 years ago
• Regala / burp-scope-monitor

  View on GitHub
  Burp Suite Extension to monitor new scope
  ☆200Mar 31, 2021Updated 4 years ago
• whitel1st / docem

  View on GitHub
  A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
  ☆674Jan 28, 2024Updated 2 years ago
• mazen160 / xless

  View on GitHub
  The Serverless Blind XSS App
  ☆338May 14, 2025Updated 9 months ago
• EdOverflow / megplus

  View on GitHub
  Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
  ☆305Oct 14, 2018Updated 7 years ago
• maK- / parameth

  View on GitHub
  This tool can be used to brute discover GET and POST parameters
  ☆1,390Aug 24, 2019Updated 6 years ago