A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
☆384Nov 26, 2024Updated last year
Alternatives and similar repositories for brainstorm
Users that are interested in brainstorm are comparing it to the libraries listed below
Sorting:
- AI-powered ffuf wrapper☆651Dec 4, 2025Updated 3 months ago
- A research project to add some brrrrrr to Burp☆208Feb 16, 2026Updated last month
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆795Updated this week
- A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.☆852Jan 5, 2026Updated 2 months ago
- An IIS short filename enumeration tool☆1,131Nov 25, 2024Updated last year
- A lightweight GPT model, trained to discover subdomains.☆351Dec 18, 2025Updated 3 months ago
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.☆560Mar 8, 2025Updated last year
- ☆144Mar 10, 2026Updated last week
- The Most Advanced Client-Side Prototype Pollution Scanner☆247Feb 3, 2026Updated last month
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,782May 22, 2024Updated last year
- Gotta go fast☆155Dec 5, 2025Updated 3 months ago
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated last year
- A rapid HTTP downgrade smuggling scanner written in Go.☆313May 16, 2024Updated last year
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.☆1,134Mar 15, 2026Updated last week
- Bounty Prompt is an Open-Source Burp Suite extension by Bounty Security that leverages advanced AI via Burp AI and Groq AI. It enables us…☆118Feb 23, 2025Updated last year
- A fast WordPress plugin enumeration tool☆796Updated this week
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆312Mar 31, 2024Updated last year
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- ai-based domain name generation☆128Feb 3, 2025Updated last year
- Tool to fuzz for interesting vhost.☆24Jan 8, 2025Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,532Mar 8, 2026Updated last week
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbit…☆735Dec 26, 2025Updated 2 months ago
- Hidden parameters discovery suite☆2,033Sep 8, 2024Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,297Aug 7, 2025Updated 7 months ago
- ☆421Jan 13, 2026Updated 2 months ago
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆293Apr 9, 2024Updated last year
- De-clutter a list of URLs☆385Mar 8, 2026Updated last week
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆755Dec 19, 2023Updated 2 years ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆44Feb 24, 2025Updated last year
- Header Exploitation HTTP☆723Updated this week
- ☆42Nov 15, 2025Updated 4 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆900Mar 12, 2026Updated last week
- PoC☆12Apr 7, 2025Updated 11 months ago
- Abuse trust-boundaries to bypass firewalls and network controls☆410Jul 24, 2025Updated 7 months ago
- ☆45Mar 5, 2025Updated last year
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆90May 2, 2024Updated last year
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆427Updated this week
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆398Jul 23, 2025Updated 7 months ago
- Zero shot vulnerability discovery using LLMs☆2,586Feb 6, 2025Updated last year