A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
☆388Nov 26, 2024Updated last year
Alternatives and similar repositories for brainstorm
Users that are interested in brainstorm are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- AI-powered ffuf wrapper☆711Dec 4, 2025Updated 4 months ago
- A research project to add some brrrrrr to Burp☆208Feb 16, 2026Updated last month
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆834Mar 24, 2026Updated 2 weeks ago
- A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.☆857Jan 5, 2026Updated 3 months ago
- An IIS short filename enumeration tool☆1,137Nov 25, 2024Updated last year
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- A lightweight GPT model, trained to discover subdomains.☆358Dec 18, 2025Updated 3 months ago
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.☆562Mar 8, 2025Updated last year
- ☆144Mar 10, 2026Updated last month
- The Most Advanced Client-Side Prototype Pollution Scanner☆248Mar 30, 2026Updated last week
- Gotta go fast☆155Dec 5, 2025Updated 4 months ago
- A rapid HTTP downgrade smuggling scanner written in Go.☆313May 16, 2024Updated last year
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,808May 22, 2024Updated last year
- Bounty Prompt is an Open-Source Burp Suite extension by Bounty Security that leverages advanced AI via Burp AI and Groq AI. It enables us…☆120Feb 23, 2025Updated last year
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.☆1,162Apr 4, 2026Updated last week
- A fast WordPress plugin enumeration tool☆816Apr 1, 2026Updated last week
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆312Mar 31, 2024Updated 2 years ago
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- Tool to fuzz for interesting vhost.☆24Jan 8, 2025Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,538Mar 8, 2026Updated last month
- ai-based domain name generation☆137Feb 3, 2025Updated last year
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbit…☆745Dec 26, 2025Updated 3 months ago
- Hidden parameters discovery suite☆2,044Sep 8, 2024Updated last year
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,336Aug 7, 2025Updated 8 months ago
- ☆422Mar 26, 2026Updated 2 weeks ago
- De-clutter a list of URLs☆386Mar 8, 2026Updated last month
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆294Apr 9, 2024Updated 2 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆753Dec 19, 2023Updated 2 years ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆44Feb 24, 2025Updated last year
- Header Exploitation HTTP☆730Apr 3, 2026Updated last week
- ☆42Nov 15, 2025Updated 4 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆900Mar 12, 2026Updated 3 weeks ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- PoC☆12Apr 7, 2025Updated last year
- Abuse trust-boundaries to bypass firewalls and network controls☆413Jul 24, 2025Updated 8 months ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆91May 2, 2024Updated last year
- ☆45Mar 5, 2025Updated last year
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆428Mar 30, 2026Updated last week
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆400Jul 23, 2025Updated 8 months ago
- Zero shot vulnerability discovery using LLMs☆2,619Feb 6, 2025Updated last year