A cheatsheet for common JavaScript sources and sinks that lead to potential vulnerabilities.
☆56Jun 13, 2023Updated 2 years ago
Alternatives and similar repositories for Sources-And-Sinks-Cheatsheet
Users that are interested in Sources-And-Sinks-Cheatsheet are comparing it to the libraries listed below
Sorting:
- All About XSS☆16Oct 23, 2022Updated 3 years ago
- HTTP testing platform for security researchers☆20Updated this week
- Graphql introspection query analyzer.☆18Mar 28, 2023Updated 2 years ago
- A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfac…☆89Apr 19, 2025Updated 10 months ago
- Get some useful data from Clouds for your targets☆20Updated this week
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆773Dec 9, 2025Updated 2 months ago
- ☆88Sep 20, 2024Updated last year
- Simplified pure Java http server☆11May 20, 2022Updated 3 years ago
- Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist☆417Aug 25, 2024Updated last year
- ☆21Feb 25, 2026Updated last week
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆291Apr 9, 2024Updated last year
- Chrome extension for automating CSPT discovery☆138Dec 23, 2025Updated 2 months ago
- TLDFinder is a Python package that identifies valid top-level domains (TLDs) for a list of domains with wildcard characters in the TLD.☆24Jul 2, 2023Updated 2 years ago
- LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.☆33Mar 4, 2024Updated 2 years ago
- 🚀 Sling Shot R3con: Automate Your Bug Bounty and Pentest Reconnaissance with Project Discovery tools 🎯☆25Sep 21, 2023Updated 2 years ago
- OWASP Foundation Web Respository☆26Oct 11, 2025Updated 4 months ago
- gdb cheat sheet☆25Dec 22, 2020Updated 5 years ago
- Refined and Compatible version of Frans Rosen Post Message Tracker Extension☆44Nov 11, 2025Updated 3 months ago
- Automatically exported from code.google.com/p/domxsswiki☆546May 12, 2018Updated 7 years ago
- A Python-based simulator for analyzing the security of quantum communication systems. Currently focuses on the BB84 protocol. Designed fo…☆13Nov 19, 2025Updated 3 months ago
- Pull out bits of URLs provided on stdin☆1,292Aug 12, 2023Updated 2 years ago
- A tool to migrate Burpsuite HTTP history to Caido☆35Apr 25, 2025Updated 10 months ago
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆153Mar 31, 2025Updated 11 months ago
- Find subdomains on GitHub.☆824Mar 28, 2023Updated 2 years ago
- Process URLs and remove duplicate query parameters.☆27Mar 19, 2024Updated last year
- OOB listener powered by cloudflare workers☆12Apr 13, 2025Updated 10 months ago
- Bash Scripting Cheatsheet for pen-testing!☆43Sep 3, 2023Updated 2 years ago
- Legitimate bug bounty programs value ethical practices and provide clear rewards to researchers for identifying security flaws☆44Sep 22, 2024Updated last year
- A Collection of Proof of Concepts for non-published Web Exploits and Common CVEs☆10Nov 29, 2020Updated 5 years ago
- Dynamic mode decomposition in Python☆13Jun 9, 2015Updated 10 years ago
- ☆10Apr 30, 2024Updated last year
- Practical Data-Only Attack Generation☆44Jun 7, 2024Updated last year
- Quick Command Cheatsheet, you can import/open directly to you ONE NOTE.☆10Updated this week
- A simple, reliable and reasonably fast network capture analyzer.☆26Updated this week
- The OWASP Testing Guide v4.2 Checlist [2023]☆13Jan 15, 2023Updated 3 years ago
- This JavaScript CLI "undeletes' packages that have been removed from the NPM registry☆29Dec 18, 2025Updated 2 months ago
- Hidden parameters discovery suite☆2,027Sep 8, 2024Updated last year
- ☆162Feb 24, 2026Updated last week
- Make better use of the embedded browser that comes by default with Burp☆43Jan 1, 2024Updated 2 years ago