Invicti-Security / brainstorm
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
☆299Updated 4 months ago
Alternatives and similar repositories for brainstorm:
Users that are interested in brainstorm are comparing it to the libraries listed below
- ☆173Updated 6 months ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo…☆349Updated 4 months ago
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆272Updated last year
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆134Updated 4 months ago
- SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens☆156Updated 4 months ago
- A rapid HTTP downgrade smuggling scanner written in Go.☆254Updated 11 months ago
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.☆136Updated 9 months ago
- CT Log Scanner☆349Updated 3 weeks ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆627Updated last week
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆261Updated last month
- ☆168Updated 7 months ago
- HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy + Exploit Timing Attacks☆173Updated 5 months ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆157Updated 5 months ago
- ☆169Updated 2 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆632Updated last year
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers☆334Updated last year
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆116Updated 3 weeks ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆288Updated last year
- A streamlined tool for discovering private TLDs for security research.☆190Updated last week
- PP-finder Help you find gadget for prototype pollution exploitation☆157Updated 8 months ago
- ☆288Updated 3 weeks ago
- ☆199Updated 11 months ago
- An experimental high-performance DNS query bruteforce tool built with AF_XDP for extremely fast and accurate bulk DNS lookups.☆193Updated 2 weeks ago
- The Most Advanced Client-Side Prototype Pollution Scanner☆219Updated this week
- ☆481Updated 11 months ago
- Black box fuzzer for web applications☆426Updated 9 months ago
- MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.☆172Updated 6 months ago
- Search for sensitive data in Postman public library.☆204Updated 3 months ago
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbit…☆455Updated this week
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆372Updated last week