Sivnerof/Sources-And-Sinks-Cheatsheet external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Sivnerof/Sources-And-Sinks-Cheatsheet

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Sivnerof/Sources-And-Sinks-Cheatsheet)

Close

Sivnerof / Sources-And-Sinks-CheatsheetView on GitHubMore

• External links
• Readme badge

A cheatsheet for common JavaScript sources and sinks that lead to potential vulnerabilities.

☆56Jun 13, 2023Updated 2 years ago

Alternatives and similar repositories for Sources-And-Sinks-Cheatsheet

Users that are interested in Sources-And-Sinks-Cheatsheet are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• shreyaschavhan / xss

  View on GitHub
  All About XSS
  ☆16Oct 23, 2022Updated 3 years ago
• MantisSTS / JSReconduit

  View on GitHub
  Passive JavaScript reconnaissance for penetration testers — bridging Burp Suite traffic into structured, AST-based analysis in VSCode.
  ☆36Feb 5, 2026Updated last month
• SharokhAtaie / extractify-extension

  View on GitHub
  Extractify extension is a Chrome extension designed for web security testing, enabling users to efficiently extract JavaScript files and …
  ☆30Dec 10, 2024Updated last year
• bebiksior / httpworkbench

  View on GitHub
  HTTP testing platform for security researchers
  ☆21Updated this week
• mirzaaghazadeh / jsdif

  View on GitHub
  A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfac…
  ☆88Apr 19, 2025Updated 11 months ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• AmirMSafari / tldfinder

  View on GitHub
  TLDFinder is a Python package that identifies valid top-level domains (TLDs) for a list of domains with wildcard characters in the TLD.
  ☆24Jul 2, 2023Updated 2 years ago
• OWASP / www-project-top-25-parameters

  View on GitHub
  OWASP Foundation Web Respository
  ☆26Oct 11, 2025Updated 5 months ago
• ariary / DomXssFinder

  View on GitHub
  Find sources and sinks in js code that could lead to DOM XSS 🔎💧🚰
  ☆23Feb 27, 2024Updated 2 years ago
• bugfloyd / voorivex-downloader

  View on GitHub
  A simple python script to download Voorivex Academy videos
  ☆18May 17, 2024Updated last year
• kevin-mizu / domloggerpp

  View on GitHub
  A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
  ☆779Dec 9, 2025Updated 3 months ago
• mrvcoder / cloud_data

  View on GitHub
  Get some useful data from Clouds for your targets
  ☆20Mar 15, 2026Updated last week
• shreyaschavhan / regex-notes

  View on GitHub
  My Notes on Regular Expressions for AWAE/OSWE.
  ☆38Sep 5, 2023Updated 2 years ago
• francisconeves97 / jxscout-vscode

  View on GitHub
  ☆27May 21, 2025Updated 10 months ago
• 0x999-x / jsluicepp

  View on GitHub
  jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice
  ☆293Apr 9, 2024Updated last year
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• haqqibrahim / Sling-Shot-R3con

  View on GitHub
  🚀 Sling Shot R3con: Automate Your Bug Bounty and Pentest Reconnaissance with Project Discovery tools 🎯
  ☆25Sep 21, 2023Updated 2 years ago
• Unit-259 / cloudflare_oob

  View on GitHub
  OOB listener powered by cloudflare workers
  ☆12Apr 13, 2025Updated 11 months ago
• aristosMiliaressis / js-analysis-tools

  View on GitHub
  A collection of js analysis tools & scripts.
  ☆19Mar 8, 2026Updated 2 weeks ago
• upmux / tenantfinder

  View on GitHub
  A tool to find domains that are in the same Microsoft tenant
  ☆23Mar 18, 2025Updated last year
• sea-erkin / log-snare

  View on GitHub
  LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.
  ☆33Mar 4, 2024Updated 2 years ago
• ImAyrix / fallparams

  View on GitHub
  Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
  ☆418Aug 25, 2024Updated last year
• debu8er / HiddenEye

  View on GitHub
  ☆19Jan 13, 2025Updated last year
• hamedsj / PitokPMTracker

  View on GitHub
  Refined and Compatible version of Frans Rosen Post Message Tracker Extension
  ☆44Nov 11, 2025Updated 4 months ago
• VoorivexTeam / BugBountyTips

  View on GitHub
  ☆88Sep 20, 2024Updated last year
• NordVPN Threat Protection Pro™ • Ad
  Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
• shayanrsh / spa-route-scanner

  View on GitHub
  SPA Route Scanner is a Chrome extension that scans Single Page Applications (SPAs) to find and list all internal routes. Instantly discov…
  ☆13Jul 31, 2025Updated 7 months ago
• vitorfhc / gecko

  View on GitHub
  Chrome extension for automating CSPT discovery
  ☆138Mar 9, 2026Updated 2 weeks ago
• caido-community / burp2caido

  View on GitHub
  A tool to migrate Burpsuite HTTP history to Caido
  ☆35Apr 25, 2025Updated 11 months ago
• gwen001 / graphql-introspection-analyzer

  View on GitHub
  Graphql introspection query analyzer.
  ☆18Mar 28, 2023Updated 2 years ago
• tomnomnom / unfurl

  View on GitHub
  Pull out bits of URLs provided on stdin
  ☆1,296Aug 12, 2023Updated 2 years ago
• DanaEpp / APIDiscovery

  View on GitHub
  An extension for Burp's Web Vulnerability Scanner that can detect API discovery metadata and extract data useful during recon.
  ☆19Sep 13, 2025Updated 6 months ago
• wisec / domxsswiki

  View on GitHub
  Automatically exported from code.google.com/p/domxsswiki
  ☆548May 12, 2018Updated 7 years ago
• d1r7b46 / PWPPStudy

  View on GitHub
  ☆13Mar 7, 2025Updated last year
• gwen001 / github-subdomains

  View on GitHub
  Find subdomains on GitHub.
  ☆829Mar 28, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• intruder-io / rebind-server

  View on GitHub
  A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers
  ☆19Jun 9, 2023Updated 2 years ago
• PortSwigger / copy-as-ffuf-command

  View on GitHub
  Copy as FFUF Command for Burp Suite
  ☆10Jun 12, 2024Updated last year
• doyensec / CSPTPlayground

  View on GitHub
  CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
  ☆154Mar 31, 2025Updated 11 months ago
• tkellehe / noodel

  View on GitHub
  A programming language designed around supporting ASCII animation based code golfing challenges.
  ☆11Sep 4, 2017Updated 8 years ago
• iambouali / p1radup

  View on GitHub
  Process URLs and remove duplicate query parameters.
  ☆27Mar 19, 2024Updated 2 years ago
• Sh1Yo / x8

  View on GitHub
  Hidden parameters discovery suite
  ☆2,033Sep 8, 2024Updated last year
• Adversis / NextjsServerActionAnalyzer

  View on GitHub
  A Burp Suite extension for analyzing Next.js Server Actions - server-side functions identified by hash IDs and `Next-Action` headers.
  ☆48Aug 8, 2025Updated 7 months ago