A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
☆383Nov 26, 2024Updated last year
Alternatives and similar repositories for brainstorm
Users that are interested in brainstorm are comparing it to the libraries listed below
Sorting:
- AI-powered ffuf wrapper☆646Dec 4, 2025Updated 2 months ago
- A research project to add some brrrrrr to Burp☆207Feb 16, 2026Updated last week
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆723Updated this week
- An IIS short filename enumeration tool☆1,123Nov 25, 2024Updated last year
- A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.☆848Jan 5, 2026Updated last month
- Bounty Prompt is an Open-Source Burp Suite extension by Bounty Security that leverages advanced AI via Burp AI and Groq AI. It enables us…☆115Feb 23, 2025Updated last year
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.☆1,105Updated this week
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.☆559Mar 8, 2025Updated 11 months ago
- A lightweight GPT model, trained to discover subdomains.☆344Dec 18, 2025Updated 2 months ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,771May 22, 2024Updated last year
- The Most Advanced Client-Side Prototype Pollution Scanner☆246Feb 3, 2026Updated 3 weeks ago
- A rapid HTTP downgrade smuggling scanner written in Go.☆313May 16, 2024Updated last year
- Tool to fuzz for interesting vhost.☆23Jan 8, 2025Updated last year
- A fast WordPress plugin enumeration tool☆783Feb 17, 2026Updated last week
- PoC☆12Apr 7, 2025Updated 10 months ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,524Jan 15, 2026Updated last month
- ☆145Apr 25, 2024Updated last year
- Gotta go fast☆155Dec 5, 2025Updated 2 months ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,290Aug 7, 2025Updated 6 months ago
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbit…☆724Dec 26, 2025Updated 2 months ago
- ☆418Jan 13, 2026Updated last month
- Hidden parameters discovery suite☆2,027Sep 8, 2024Updated last year
- ai-based domain name generation☆120Feb 3, 2025Updated last year
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆311Mar 31, 2024Updated last year
- De-clutter a list of URLs☆386Feb 3, 2026Updated 3 weeks ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆753Dec 19, 2023Updated 2 years ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆898Feb 23, 2026Updated last week
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆291Apr 9, 2024Updated last year
- A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing☆142Jun 27, 2023Updated 2 years ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆89May 2, 2024Updated last year
- Zero shot vulnerability discovery using LLMs☆2,506Feb 6, 2025Updated last year
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated 11 months ago
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆427Feb 23, 2026Updated last week
- Adobe Experience Manager (AEM) hacking toolkit☆107Sep 26, 2025Updated 5 months ago
- Header Exploitation HTTP☆711Updated this week
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.☆160Jul 2, 2024Updated last year
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆282Sep 11, 2025Updated 5 months ago
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- Automated web vulnerability scanning with LLM agents☆451Jun 18, 2025Updated 8 months ago