Alternatives and similar repositories for XSSTRON

Users that are interested in XSSTRON are comparing it to the libraries listed below

• filedescriptor / untrusted-types

  View on GitHub
  ☆695Jul 4, 2022Updated 3 years ago
• lc / subjs

  View on GitHub
  Fetches javascript file from a list of URLS or subdomains.
  ☆834Jul 22, 2025Updated 6 months ago
• 1ndianl33t / Gf-Patterns

  View on GitHub
  GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
  ☆1,397Sep 13, 2024Updated last year
• m4ll0k / BBTz

  View on GitHub
  BBT - Bug Bounty Tools (examples💡)
  ☆1,880Apr 5, 2024Updated last year
• devanshbatham / FavFreak

  View on GitHub
  Making Favicon.ico based Recon Great again !
  ☆1,261Aug 29, 2023Updated 2 years ago
• defparam / smuggler

  View on GitHub
  Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
  ☆2,059Jan 2, 2024Updated 2 years ago
• msrkp / PPScan

  View on GitHub
  Client Side Prototype Pollution Scanner
  ☆524Sep 17, 2022Updated 3 years ago
• theinfosecguy / QuickXSS

  View on GitHub
  Automating XSS using Bash
  ☆361Jan 27, 2026Updated 2 weeks ago
• M4DM0e / DirDar

  View on GitHub
  DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
  ☆453Jan 9, 2024Updated 2 years ago
• Sh1Yo / x8

  View on GitHub
  Hidden parameters discovery suite
  ☆2,015Sep 8, 2024Updated last year
• NagliNagli / Shockwave-OSS

  View on GitHub
  ☆758Jun 26, 2024Updated last year
• devanshbatham / OpenRedireX

  View on GitHub
  A fuzzer for detecting open redirect vulnerabilities
  ☆782Jul 1, 2024Updated last year
• r0075h3ll / Oralyzer

  View on GitHub
  Open Redirection Analyzer
  ☆811Mar 5, 2023Updated 2 years ago
• devanshbatham / ParamSpider

  View on GitHub
  Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
  ☆2,998Jun 24, 2024Updated last year
• rotemreiss / uddup

  View on GitHub
  Urls de-duplication tool for better recon.
  ☆145May 29, 2025Updated 8 months ago
• KingOfBugbounty / KingOfBugBountyTips

  View on GitHub
  Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens…
  ☆5,201Jan 31, 2026Updated 2 weeks ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,581Jan 27, 2024Updated 2 years ago
• s0md3v / uro

  View on GitHub
  declutters url lists for crawling/pentesting
  ☆1,522Feb 23, 2025Updated 11 months ago
• KathanP19 / JSFScan.sh

  View on GitHub
  Automation for javascript recon in bug bounty.
  ☆1,067Sep 9, 2023Updated 2 years ago
• m4ll0k / Atlas

  View on GitHub
  Quick SQLMap Tamper Suggester
  ☆1,391Jul 18, 2022Updated 3 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,771Apr 26, 2024Updated last year
• KathanP19 / Gxss

  View on GitHub
  A tool to check a bunch of URLs that contain reflecting params.
  ☆599Aug 4, 2024Updated last year
• m4ll0k / SecretFinder

  View on GitHub
  SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
  ☆2,376May 26, 2024Updated last year
• honoki / bbrf-client

  View on GitHub
  The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
  ☆642Jul 7, 2025Updated 7 months ago
• optiv / mobile-nuclei-templates

  View on GitHub
  ☆435Jun 1, 2021Updated 4 years ago
• neex / http2smugl

  View on GitHub
  ☆561Mar 27, 2025Updated 10 months ago
• robre / scripthunter

  View on GitHub
  Tool to find JavaScript files on Websites
  ☆526Nov 2, 2023Updated 2 years ago
• hahwul / dalfox

  View on GitHub
  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  ☆4,835Updated this week
• RenwaX23 / XSS-Payloads

  View on GitHub
  List of XSS Vectors/Payloads
  ☆1,360Jan 14, 2026Updated last month
• ksharinarayanan / SSRFire

  View on GitHub
  An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
  ☆971Dec 8, 2021Updated 4 years ago
• obheda12 / GitDorker

  View on GitHub
  A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
  ☆2,486Aug 3, 2024Updated last year
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,042Aug 14, 2024Updated last year
• r3curs1v3-pr0xy / vajra

  View on GitHub
  Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for m…
  ☆705Oct 29, 2021Updated 4 years ago
• xnl-h4ck3r / GAP-Burp-Extension

  View on GitHub
  Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  ☆1,495Jan 8, 2026Updated last month
• xnl-h4ck3r / xnLinkFinder

  View on GitHub
  A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
  ☆1,515Jan 15, 2026Updated 3 weeks ago
• ayoubfathi / leaky-paths

  View on GitHub
  A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
  ☆1,021Jun 24, 2024Updated last year
• smaranchand / bucky

  View on GitHub
  Bucky (An automatic S3 bucket discovery tool)
  ☆198Jan 6, 2022Updated 4 years ago
• dark-warlord14 / JSScanner

  View on GitHub
  You can read the writeup on this script here
  ☆274Jul 12, 2020Updated 5 years ago
• ethicalhackingplayground / ssrf-king

  View on GitHub
  SSRF plugin for burp Automates SSRF Detection in all of the Request
  ☆610Jan 20, 2021Updated 5 years ago