PortSwigger/url-cheatsheet-data

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PortSwigger/url-cheatsheet-data)

PortSwigger / url-cheatsheet-data

This is the data that powers the PortSwigger URL validation bypass cheat sheet.

☆59

Alternatives and similar repositories for url-cheatsheet-data

Users that are interested in url-cheatsheet-data are comparing it to the libraries listed below

Sorting:

blacklanternsecurity / nmappalyzer
View on GitHub
A lightweight Python 3 Nmap wrapper that doesn't try too hard. Gracefully handles any Nmap command, providing access to all output types …
☆16Jan 13, 2022Updated 4 years ago
sa1tama0 / Blind-XSS-SVG
View on GitHub
Blind XSS SVG
☆10Mar 27, 2023Updated 2 years ago
matanber / postMessage-tracker
View on GitHub
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆16Jul 17, 2024Updated last year
ThePirateWhoSmellsOfSunflowers / KingCastle
View on GitHub
Quick overview of the domain.
☆55Updated this week
moblig / Trickest
View on GitHub
Custom Trickest Workflows
☆12Oct 26, 2023Updated 2 years ago
maulvialf / CTF-Challs-Archive
View on GitHub
I created this to dump challenge for CTF that I participated
☆12May 26, 2023Updated 2 years ago
jnqpblc / Randomness
View on GitHub
Snippets of scripting randomness
☆13Jun 9, 2022Updated 3 years ago
securekomodo / CVE-2024-22026
View on GitHub
Exploit POC for CVE-2024-22026 affecting Ivanti EPMM "MobileIron Core"
☆15May 15, 2024Updated last year
horizon3ai / CVE-2024-8190
View on GitHub
CVE-2024-8190: Ivanti Cloud Service Appliance Command Injection
☆17Sep 16, 2024Updated last year
maliciousgroup / IP-Obfuscator
View on GitHub
A redteam tool to obfuscate IPv4 addresses to evade AV or Application Firewalls
☆18Mar 18, 2020Updated 5 years ago
TheArqsz / tenant-domains
View on GitHub
A simple Bash script to discover all domains associated with a specific Microsoft 365 tenant - new replacement for check_mdi
☆42Sep 23, 2025Updated 5 months ago
zer0yu / anew
View on GitHub
A tool for adding new lines to files, skipping duplicates and written in Rust!
☆19May 8, 2025Updated 10 months ago
GitHubSecurityLab / ruby-unsafe-deserialization
View on GitHub
Proof of Concepts for unsafe deserialization in Ruby
☆17Oct 17, 2024Updated last year
PortSwigger / ai-prompt-fuzzer
View on GitHub
Burp extension to fuzz/brute force GenAI/LLM prompts using a list of various payloads.
☆29Sep 4, 2025Updated 6 months ago
neKuehn / MADs
View on GitHub
General scripts that gather information out of Active Directory
☆16Jun 9, 2022Updated 3 years ago
masa42 / CVE-2024-38819-POC
View on GitHub
☆38Dec 14, 2024Updated last year
airman604 / schtask_now
View on GitHub
☆18Feb 14, 2019Updated 7 years ago
jumpycastle / rre-burp
View on GitHub
Burp extension for Recursive Request Exploits (RRE) — DEFCON 2025
☆122Jan 30, 2026Updated last month
mswell / burnrecon
View on GitHub
is a tool to automate and organize reconnaissance operations.
☆25Sep 6, 2023Updated 2 years ago
bsysop / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆17Jan 31, 2021Updated 5 years ago
assetnote / jira-mobile-ssrf-exploit
View on GitHub
Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
☆89Jul 5, 2022Updated 3 years ago
kevin-mizu / GMSGadget
View on GitHub
This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) an…
☆132Feb 4, 2026Updated last month
random-robbie / s3-tko
View on GitHub
AWS S3 Bucket Finder.
☆14Oct 28, 2025Updated 4 months ago
SorceryIE / cfor_exploit
View on GitHub
Exploit script for the CFOR vulnerability using Github's GraphQL API
☆23Aug 7, 2024Updated last year
random-robbie / grayhatwarfare-docs-finder
View on GitHub
Finds Documents On Cloud Assets Using grayhatwarfare API for short urls
☆23Mar 2, 2022Updated 4 years ago
vulnerabilitylabs / aem-hacker
View on GitHub
☆20Jun 16, 2019Updated 6 years ago
gwen001 / apk-analyzer
View on GitHub
Analyze an APK archive.
☆28Feb 24, 2024Updated 2 years ago
Adversis / NextjsServerActionAnalyzer
View on GitHub
A Burp Suite extension for analyzing Next.js Server Actions - server-side functions identified by hash IDs and `Next-Action` headers.
☆47Aug 8, 2025Updated 7 months ago
syriusbughunt / CVE-2018-14667
View on GitHub
All about CVE-2018-14667; From what it is to how to successfully exploit it.
☆50Nov 30, 2018Updated 7 years ago
leesoh / np
View on GitHub
A tool to parse, deduplicate, and query multiple port scans.
☆57Aug 11, 2023Updated 2 years ago
random-robbie / cloud-cidr
View on GitHub
AWS,AZURE,GOOGLE CLOUD IP CIDRS
☆50Feb 14, 2022Updated 4 years ago
nullenc0de / Cognitohunter
View on GitHub
A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…
☆21Jan 20, 2025Updated last year
salvatore-abello / pyjail
View on GitHub
A collection of pyjails!
☆28Dec 15, 2025Updated 2 months ago
narfindustries / http-garden
View on GitHub
Differential testing framework for HTTP implementations
☆926Jan 21, 2026Updated last month
ASzampiasSWD / ip-locator
View on GitHub
Grap information for multiple IP Addresses including lat/long, city, state, and if the IP is owned by a VPN.
☆29Aug 29, 2021Updated 4 years ago
codingo / simple
View on GitHub
A collection of one off hacks and simple scripts
☆26Mar 21, 2023Updated 2 years ago
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆656Jun 29, 2025Updated 8 months ago
Devang-Solanki / recon.cloud
View on GitHub
recon.cloud is website that scans AWS, Azure and GCP public cloud footprint this GO tool only utilize its API for getting result to termi…
☆25Feb 11, 2023Updated 3 years ago
riramar / SmuggleTP
View on GitHub
A straightforward tool for exploiting SMTP Smuggling vulnerabilities.
☆14Jul 22, 2024Updated last year