☆79Mar 26, 2024Updated last year
Alternatives and similar repositories for sandwich
Users that are interested in sandwich are comparing it to the libraries listed below
Sorting:
- Let's check if your target is vulnerable for client side prototype pollution.☆65Jan 9, 2024Updated 2 years ago
- JsValidator is a tool created for validating the JS files after crawlling it from waybackurls☆19Mar 13, 2023Updated 2 years ago
- A Multi-Processing Tool for collecting and extracting information to an Excel file from a Burp Suite output file.☆10Apr 8, 2024Updated last year
- DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE☆27Nov 28, 2021Updated 4 years ago
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆149Dec 9, 2024Updated last year
- BugBounty , sort and delete duplicates param value without missing original value☆22Jul 31, 2021Updated 4 years ago
- Bash script to extract data from the Waybackmachine☆11Mar 15, 2021Updated 4 years ago
- A collection of famous recon public scripts, but in bash <3☆29Mar 2, 2021Updated 5 years ago
- A tool to guess the rest of the shortnames provided by vulnerable IIS instances.☆41Aug 12, 2023Updated 2 years ago
- A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidde…☆434Oct 16, 2025Updated 4 months ago
- Demo of various ways to exploit post based reflected XSS☆18Jul 6, 2023Updated 2 years ago
- De-clutter a list of URLs☆385Feb 3, 2026Updated last month
- Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool!☆98Mar 4, 2025Updated last year
- Weaponize Your Burp is a repository for automation your Bug Bounty Hunting mindset in Burp Suite☆80Jan 13, 2023Updated 3 years ago
- Generate tens of thousands of subdomain combinations in a matter of seconds☆273Sep 25, 2023Updated 2 years ago
- My own Custom nuclei templates☆26Dec 8, 2021Updated 4 years ago
- Web cache poisoning vulnerability scanner.☆73May 5, 2022Updated 3 years ago
- 🎉 CVE Monitor v1.0☆26Jun 30, 2025Updated 8 months ago
- JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various e…☆48Apr 29, 2024Updated last year
- ☆81Jan 30, 2026Updated last month
- unleashed ffuf☆248Oct 29, 2025Updated 4 months ago
- Find related domains of a given domain.☆104Aug 5, 2023Updated 2 years ago
- Open Redirect scanner - (out of date)☆28Nov 27, 2022Updated 3 years ago
- Subdomain Monitor A production-ready subdomain monitoring system with both API and CLI interfaces.☆74Updated this week
- Identify virtual hosts by similarity comparison☆137Aug 12, 2024Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,773May 22, 2024Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆753Dec 19, 2023Updated 2 years ago
- PP-finder Help you find gadget for prototype pollution exploitation☆189Aug 8, 2024Updated last year
- ☆19Jun 24, 2021Updated 4 years ago
- jxscout superpowers JavaScript analysis for security researchers☆422Feb 15, 2026Updated 3 weeks ago
- This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response ma…☆81Oct 20, 2023Updated 2 years ago
- ☆22Nov 3, 2022Updated 3 years ago
- Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations☆394Jun 17, 2020Updated 5 years ago
- A demo PHP application used to exercise SQL injection techniques in a safe, local Docker environment☆45Jun 3, 2024Updated last year
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,500Jan 8, 2026Updated 2 months ago
- ☆150Nov 27, 2021Updated 4 years ago
- SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.☆38Mar 7, 2021Updated 5 years ago
- Finding XSS during recon☆273Sep 13, 2022Updated 3 years ago
- Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a …☆1,550Feb 25, 2026Updated last week