PortSwigger / param-miner

Related projects ⓘ

Alternatives and complementary repositories for param-miner

• wagiro / BurpBounty
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,680Updated 6 months ago
• defparam / smuggler
  Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
  ☆1,819Updated 10 months ago
• PortSwigger / http-request-smuggler
  ☆958Updated 11 months ago
• mandatoryprogrammer / xsshunter
  The XSS Hunter service - a portable version of XSSHunter.com
  ☆1,491Updated last year
• elkokc / reflector
  Burp plugin able to find reflected XSS on page in real-time while browsing on site
  ☆1,133Updated 3 years ago
• cujanovic / SSRF-Testing
  SSRF (Server Side Request Forgery) testing resources
  ☆2,352Updated last month
• tomnomnom / meg
  Fetch many paths for many hosts - without killing the hosts
  ☆1,607Updated 9 months ago
• infosec-au / altdns
  Generates permutations, alterations and mutations of subdomains and then resolves them
  ☆2,333Updated 6 months ago
• Quitten / Autorize
  Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease appli…
  ☆960Updated 3 weeks ago
• 1ndianl33t / Gf-Patterns
  GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
  ☆1,218Updated 2 months ago
• nahamsec / JSParser
  ☆788Updated last year
• PortSwigger / turbo-intruder
  Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
  ☆1,499Updated 2 weeks ago
• fransr / postMessage-tracker
  A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
  ☆1,059Updated 9 months ago
• devanshbatham / FavFreak
  Making Favicon.ico based Recon Great again !
  ☆1,127Updated last year
• AlephNullSK / dnsgen
  Generates combination of domain names from the provided input.
  ☆901Updated 4 months ago
• Ice3man543 / SubOver
  A Powerful Subdomain Takeover Tool
  ☆931Updated last year
• 0xInfection / XSRFProbe
  The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
  ☆1,107Updated 3 weeks ago
• jobertabma / relative-url-extractor
  A small tool that extracts relative URLs from a file.
  ☆729Updated 4 years ago
• nccgroup / AutoRepeater
  Automated HTTP Request Repeating With Burp Suite
  ☆846Updated 2 years ago
• chrislockard / api_wordlist
  A wordlist of API names for web application assessments
  ☆760Updated last year
• yassineaboukir / sublert
  Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…
  ☆990Updated 3 years ago
• jdonsec / AllThingsSSRF
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,225Updated 3 years ago
• haccer / subjack
  Subdomain Takeover tool written in Go
  ☆1,911Updated last year
• RenwaX23 / XSS-Payloads
  List of XSS Vectors/Payloads
  ☆1,190Updated last week
• ssl / ezXSS
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆1,906Updated 3 weeks ago
• projectdiscovery / shuffledns
  MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering…
  ☆1,327Updated this week
• zigoo0 / JSONBee
  A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
  ☆669Updated 6 months ago
• assetnote / wordlists
  Automated & Manual Wordlists provided by Assetnote
  ☆1,325Updated 3 months ago
• assetnote / commonspeak2
  Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
  ☆695Updated last year
• gwen001 / github-search
  A collection of tools to perform searches on GitHub.
  ☆1,347Updated last year