Alternatives and similar repositories for sandwich

Users that are interested in sandwich are comparing it to the libraries listed below

• kosmosec / proto-find

  View on GitHub
  Let's check if your target is vulnerable for client side prototype pollution.
  ☆65Jan 9, 2024Updated 2 years ago
• SirBugs / JsValidator

  View on GitHub
  JsValidator is a tool created for validating the JS files after crawlling it from waybackurls
  ☆18Mar 13, 2023Updated 2 years ago
• sAjibuu / Burp_Collector

  View on GitHub
  A Multi-Processing Tool for collecting and extracting information to an Excel file from a Burp Suite output file.
  ☆10Apr 8, 2024Updated last year
• M359AH / DepFine

  View on GitHub
  DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE
  ☆27Nov 28, 2021Updated 4 years ago
• Abdulrahman-Kamel / dpfilter

  View on GitHub
  BugBounty , sort and delete duplicates param value without missing original value
  ☆22Jul 31, 2021Updated 4 years ago
• roberreigada / wayback.sh

  View on GitHub
  Bash script to extract data from the Waybackmachine
  ☆11Mar 15, 2021Updated 4 years ago
• zeroc00I / BashitRecon

  View on GitHub
  A collection of famous recon public scripts, but in bash <3
  ☆29Mar 2, 2021Updated 4 years ago
• AethliosIK / reset-tolkien

  View on GitHub
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆148Dec 9, 2024Updated last year
• projectmonke / shortnameguesser

  View on GitHub
  A tool to guess the rest of the shortnames provided by vulnerable IIS instances.
  ☆42Aug 12, 2023Updated 2 years ago
• hoodoer / postBasedXSS

  View on GitHub
  Demo of various ways to exploit post based reflected XSS
  ☆18Jul 6, 2023Updated 2 years ago
• xnl-h4ck3r / urless

  View on GitHub
  De-clutter a list of URLs
  ☆384Feb 3, 2026Updated 2 weeks ago
• xnl-h4ck3r / webpaste

  View on GitHub
  Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool!
  ☆98Mar 4, 2025Updated 11 months ago
• cyspad / Weaponize-Your-Burp

  View on GitHub
  Weaponize Your Burp is a repository for automation your Bug Bounty Hunting mindset in Burp Suite
  ☆79Jan 13, 2023Updated 3 years ago
• trickest / mksub

  View on GitHub
  Generate tens of thousands of subdomain combinations in a matter of seconds
  ☆273Sep 25, 2023Updated 2 years ago
• MR-pentestGuy / nuclei-templates

  View on GitHub
  My own Custom nuclei templates
  ☆26Dec 8, 2021Updated 4 years ago
• Th0h0 / autopoisoner

  View on GitHub
  Web cache poisoning vulnerability scanner.
  ☆72May 5, 2022Updated 3 years ago
• Icare1337 / CVE-Monitor

  View on GitHub
  🎉 CVE Monitor v1.0
  ☆26Jun 30, 2025Updated 7 months ago
• pikpikcu / js-finding

  View on GitHub
  JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various e…
  ☆48Apr 29, 2024Updated last year
• carlospolop / Leakos

  View on GitHub
  ☆79Jan 30, 2026Updated 2 weeks ago
• sw33tLie / uff

  View on GitHub
  unleashed ffuf
  ☆246Oct 29, 2025Updated 3 months ago
• gwen001 / related-domains

  View on GitHub
  Find related domains of a given domain.
  ☆103Aug 5, 2023Updated 2 years ago
• aldo-moreno-leon / ORtester

  View on GitHub
  Open Redirect scanner - (out of date)
  ☆28Nov 27, 2022Updated 3 years ago
• elfarsaouiomar / monitor-new-subdomain

  View on GitHub
  Subdomain Monitor A production-ready subdomain monitoring system with both API and CLI interfaces.
  ☆74Jan 28, 2026Updated 2 weeks ago
• xnl-h4ck3r / XnlReveal

  View on GitHub
  A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidde…
  ☆434Oct 16, 2025Updated 4 months ago
• wdahlenburg / VhostFinder

  View on GitHub
  Identify virtual hosts by similarity comparison
  ☆137Aug 12, 2024Updated last year
• yeswehack / pp-finder

  View on GitHub
  PP-finder Help you find gadget for prototype pollution exploitation
  ☆190Aug 8, 2024Updated last year
• muffyhub / Mindmaps

  View on GitHub
  ☆19Jun 24, 2021Updated 4 years ago
• BishopFox / jsluice

  View on GitHub
  Extract URLs, paths, secrets, and other interesting bits from JavaScript
  ☆1,755May 22, 2024Updated last year
• Static-Flow / RepeaterSearch

  View on GitHub
  This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response ma…
  ☆81Oct 20, 2023Updated 2 years ago
• Jarijaas / helsec-1103

  View on GitHub
  ☆22Nov 3, 2022Updated 3 years ago
• ameenmaali / urldedupe

  View on GitHub
  Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
  ☆392Jun 17, 2020Updated 5 years ago
• h1pmnh / sqli-dojo-docker

  View on GitHub
  A demo PHP application used to exercise SQL injection techniques in a safe, local Docker environment
  ☆45Jun 3, 2024Updated last year
• xnl-h4ck3r / GAP-Burp-Extension

  View on GitHub
  Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  ☆1,495Jan 8, 2026Updated last month
• orwagodfather / My-WordLISTs

  View on GitHub
  ☆149Nov 27, 2021Updated 4 years ago
• Dheerajmadhukar / subzzZ

  View on GitHub
  SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.
  ☆38Mar 7, 2021Updated 4 years ago
• assetnote / surf

  View on GitHub
  Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …
  ☆749Dec 19, 2023Updated 2 years ago
• ferreiraklet / airixss

  View on GitHub
  Finding XSS during recon
  ☆271Sep 13, 2022Updated 3 years ago
• projectdiscovery / notify

  View on GitHub
  Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a …
  ☆1,547Feb 4, 2026Updated last week
• 0xElkot / Bug-Bounty-Automation

  View on GitHub
  ☆116Nov 23, 2022Updated 3 years ago