A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
☆387Nov 26, 2024Updated last year
Alternatives and similar repositories for brainstorm
Users that are interested in brainstorm are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- AI-powered ffuf wrapper☆759Dec 4, 2025Updated 4 months ago
- A research project to add some brrrrrr to Burp☆209Feb 16, 2026Updated 2 months ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆845Mar 24, 2026Updated last month
- A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.☆863Jan 5, 2026Updated 3 months ago
- A lightweight GPT model, trained to discover subdomains.☆361Dec 18, 2025Updated 4 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- An IIS short filename enumeration tool☆1,146Nov 25, 2024Updated last year
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.☆562Mar 8, 2025Updated last year
- ☆144Mar 10, 2026Updated last month
- The Most Advanced Client-Side Prototype Pollution Scanner☆248Apr 22, 2026Updated last week
- Gotta go fast☆154Dec 5, 2025Updated 4 months ago
- A rapid HTTP downgrade smuggling scanner written in Go.☆314May 16, 2024Updated last year
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,821May 22, 2024Updated last year
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.☆1,181Updated this week
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Bounty Prompt is an Open-Source Burp Suite extension by Bounty Security that leverages advanced AI via Burp AI and Groq AI. It enables us…☆122Feb 23, 2025Updated last year
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆312Mar 31, 2024Updated 2 years ago
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- A fast WordPress plugin enumeration tool☆829Apr 13, 2026Updated 2 weeks ago
- Tool to fuzz for interesting vhost.☆23Jan 8, 2025Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,543Mar 8, 2026Updated last month
- ai-based domain name generation☆139Feb 3, 2025Updated last year
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbit…☆749Dec 26, 2025Updated 4 months ago
- Hidden parameters discovery suite☆2,050Sep 8, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,339Aug 7, 2025Updated 8 months ago
- ☆422Mar 26, 2026Updated last month
- De-clutter a list of URLs☆387Mar 8, 2026Updated last month
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆294Apr 9, 2024Updated 2 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆756Dec 19, 2023Updated 2 years ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆44Feb 24, 2025Updated last year
- Header Exploitation HTTP☆733Updated this week
- ☆42Nov 15, 2025Updated 5 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆902Updated this week
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- PoC☆12Apr 7, 2025Updated last year
- Abuse trust-boundaries to bypass firewalls and network controls☆417Jul 24, 2025Updated 9 months ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆91May 2, 2024Updated last year
- ☆45Mar 5, 2025Updated last year
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆432Updated this week
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆401Jul 23, 2025Updated 9 months ago
- A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing☆143Jun 27, 2023Updated 2 years ago