GoSecure/dtd-finder

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/GoSecure/dtd-finder)

GoSecure / dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

☆648

Alternatives and similar repositories for dtd-finder

Users that are interested in dtd-finder are comparing it to the libraries listed below

Sorting:

BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 4 years ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆446Sep 7, 2022Updated 3 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,164May 26, 2023Updated 2 years ago
jmdx / TLS-poison
View on GitHub
☆707Nov 27, 2024Updated last year
neex / http2smugl
View on GitHub
☆562Mar 27, 2025Updated 11 months ago
0xacb / viewgen
View on GitHub
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
☆659Feb 1, 2025Updated last year
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,483Oct 12, 2024Updated last year
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
whitel1st / docem
View on GitHub
A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
☆675Jan 28, 2024Updated 2 years ago
daeken / httprebind
View on GitHub
Automatic tool for DNS rebinding-based SSRF attacks
☆304Aug 21, 2020Updated 5 years ago
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆953Dec 31, 2021Updated 4 years ago
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,584Jan 27, 2024Updated 2 years ago
filedescriptor / untrusted-types
View on GitHub
☆695Jul 4, 2022Updated 3 years ago
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,302Apr 18, 2023Updated 2 years ago
msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆523Sep 17, 2022Updated 3 years ago
veracode-research / solr-injection
View on GitHub
Apache Solr Injection Research
☆579Jan 28, 2020Updated 6 years ago
wagiro / BurpBounty
View on GitHub
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
☆1,774Apr 26, 2024Updated last year
0xC01DF00D / Collabfiltrator
View on GitHub
Exfiltrate blind Remote Code Execution and SQL injection output over DNS via Burp Collaborator.
☆277Jan 28, 2025Updated last year
qtc-de / remote-method-guesser
View on GitHub
Java RMI Vulnerability Scanner
☆916Jul 3, 2024Updated last year
ZeddYu / HTTP-Smuggling-Lab
View on GitHub
Use HTTP Smuggling Lab to learn HTTP Smuggling.
☆346Nov 20, 2022Updated 3 years ago
staaldraad / xxeserv
View on GitHub
A mini webserver with FTP support for XXE payloads
☆341Jan 3, 2024Updated 2 years ago
BuffaloWill / oxml_xxe
View on GitHub
A tool for embedding XXE/XML exploits into different filetypes
☆1,130Dec 16, 2024Updated last year
doyensec / inql
View on GitHub
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
☆1,737Feb 16, 2026Updated last week
gquere / pwn_jenkins
View on GitHub
Notes about attacking Jenkins servers
☆2,090Jul 10, 2024Updated last year
ameenmaali / qsfuzz
View on GitHub
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
☆303Feb 12, 2023Updated 3 years ago
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
internetwache / CT_subdomains
View on GitHub
An hourly updated list of subdomains gathered from certificate transparency logs
☆349Oct 13, 2021Updated 4 years ago
teknogeek / ssrf-sheriff
View on GitHub
A simple SSRF-testing sheriff written in Go
☆336Oct 31, 2024Updated last year
irsdl / IIS-ShortName-Scanner
View on GitHub
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
☆1,632Sep 3, 2023Updated 2 years ago
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,082Aug 14, 2024Updated last year
allanlw / svg-cheatsheet
View on GitHub
A cheatsheet for exploiting server-side SVG processors.
☆794Jul 2, 2020Updated 5 years ago
lc / theftfuzzer
View on GitHub
TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.
☆318May 22, 2023Updated 2 years ago
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆657Jun 29, 2025Updated 8 months ago
JackOfMostTrades / gadgetinspector
View on GitHub
A byte code analyzer for finding deserialization gadget chains in Java applications
☆1,079Jun 15, 2021Updated 4 years ago
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,286Apr 13, 2024Updated last year
SpiderMate / B-XSSRF
View on GitHub
Toolkit to detect and keep track on Blind XSS, XXE & SSRF
☆293Aug 23, 2019Updated 6 years ago
swisskyrepo / SSRFmap
View on GitHub
Automatic SSRF fuzzer and exploitation tool
☆3,489Sep 4, 2025Updated 5 months ago
0ang3el / websocket-smuggle
View on GitHub
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
☆390Aug 15, 2024Updated last year
httpvoid / writeups
View on GitHub
☆1,200Sep 2, 2022Updated 3 years ago