Alternatives and similar repositories for x8-Burp

Users that are interested in x8-Burp are comparing it to the libraries listed below

• ethicalhackingplayground / TProxer

  View on GitHub
  A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
  ☆185Nov 22, 2021Updated 4 years ago
• 0xsapra / fuzzparam

  View on GitHub
  ☆59Apr 8, 2021Updated 4 years ago
• Co0nan / ParamsExtractor

  View on GitHub
  A burp-suite plugin that extract all parameter names from in-scope requests
  ☆29Nov 9, 2021Updated 4 years ago
• trickest / mksub

  View on GitHub
  Generate tens of thousands of subdomain combinations in a matter of seconds
  ☆273Sep 25, 2023Updated 2 years ago
• Sh1Yo / x8

  View on GitHub
  Hidden parameters discovery suite
  ☆2,015Sep 8, 2024Updated last year
• MindPatch / lorsrf

  View on GitHub
  Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load
  ☆297Sep 22, 2024Updated last year
• 0xDexter0us / Scavenger

  View on GitHub
  Burp extension to create target specific and tailored wordlist from burp history.
  ☆255Dec 8, 2021Updated 4 years ago
• NagliNagli / Shockwave-OSS

  View on GitHub
  ☆758Jun 26, 2024Updated last year
• xnl-h4ck3r / GAP-Burp-Extension

  View on GitHub
  Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  ☆1,495Jan 8, 2026Updated last month
• allyomalley / BurpParamFlagger

  View on GitHub
  A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…
  ☆132Feb 19, 2021Updated 4 years ago
• daffainfo / match-replace-burp

  View on GitHub
  Useful "Match and Replace" burpsuite rules
  ☆362Sep 26, 2023Updated 2 years ago
• Sh1Yo / request_smuggler

  View on GitHub
  Http request smuggling vulnerability scanner
  ☆229Aug 11, 2022Updated 3 years ago
• volkandindar / agartha

  View on GitHub
  A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati…
  ☆394Feb 4, 2026Updated last week
• R0X4R / bhedak

  View on GitHub
  A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
  ☆109Mar 1, 2022Updated 3 years ago
• bp0lr / gauplus

  View on GitHub
  ☆299Jul 16, 2022Updated 3 years ago
• theinfosecguy / QuickXSS

  View on GitHub
  Automating XSS using Bash
  ☆361Jan 27, 2026Updated 2 weeks ago
• ferreiraklet / Jeeves

  View on GitHub
  Jeeves SQLI Finder
  ☆218May 13, 2022Updated 3 years ago
• koaj / ffw-content-discovery

  View on GitHub
  Funny Fuzzing Wordlist
  ☆14Jun 14, 2022Updated 3 years ago
• haticeerturk / scoper

  View on GitHub
  This is a Burp Suite extension that allows users to easily add web addresses to the Burp Suite scope.
  ☆97Jan 2, 2025Updated last year
• root4loot / rescope

  View on GitHub
  Bugbounty scope tool
  ☆332Mar 5, 2025Updated 11 months ago
• thelikes / fuzzmost

  View on GitHub
  all manner of wordlists
  ☆24Jan 19, 2022Updated 4 years ago
• Josue87 / gotator

  View on GitHub
  Gotator is a tool to generate DNS wordlists through permutations.
  ☆503Jul 17, 2022Updated 3 years ago
• iustin24 / chameleon

  View on GitHub
  ☆383May 17, 2023Updated 2 years ago
• honoki / burp-copy-regex-matches

  View on GitHub
  Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard.
  ☆34Feb 12, 2022Updated 4 years ago
• xnl-h4ck3r / xnLinkFinder

  View on GitHub
  A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
  ☆1,515Jan 15, 2026Updated last month
• ExpLangcn / agartha

  View on GitHub
  a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …
  ☆49Apr 25, 2022Updated 3 years ago
• payloadartist / recon

  View on GitHub
  NodeJS script to extract assets for the Apple bug bounty program from their security acknowledgments page for bug bounty recon.
  ☆78Nov 5, 2022Updated 3 years ago
• trickest / mkpath

  View on GitHub
  Make URL path combinations using a wordlist
  ☆169Sep 25, 2023Updated 2 years ago
• emadshanab / Some-BugBounty-Tips-from-my-Twitter-feed

  View on GitHub
  ☆40Jul 24, 2022Updated 3 years ago
• root-tanishq / userefuzz

  View on GitHub
  User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
  ☆382May 19, 2023Updated 2 years ago
• p0dalirius / webapp-wordlists

  View on GitHub
  This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contai…
  ☆533Dec 4, 2024Updated last year
• thomashartm / burp-aem-scanner

  View on GitHub
  Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common m…
  ☆75Mar 22, 2024Updated last year
• hakluke / hakfindinternaldomains

  View on GitHub
  Feed it a list of subdomains, it will resolve them and tell you which ones are internal
  ☆93Nov 21, 2021Updated 4 years ago
• Roni-Carta / onhandlers

  View on GitHub
  ☆13Feb 18, 2022Updated 3 years ago
• moeinfatehi / Backup-Finder

  View on GitHub
  A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CON…
  ☆163Mar 27, 2024Updated last year
• trickest / dsieve

  View on GitHub
  Filter and enrich a list of subdomains by level
  ☆210Sep 25, 2023Updated 2 years ago
• TheBinitGhimire / NtHiM

  View on GitHub
  Now, the Host is Mine! - Super Fast Sub-domain Takeover Detection!
  ☆382Jun 7, 2023Updated 2 years ago
• R0X4R / Garud

  View on GitHub
  An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and…
  ☆800Jul 4, 2023Updated 2 years ago
• hisxo / JSpector

  View on GitHub
  A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues
  ☆373Jul 25, 2023Updated 2 years ago