γπγA tool used to hunt down API key leaks in JS files and pages
β881Mar 12, 2026Updated last month
Alternatives and similar repositories for mantra
Users that are interested in mantra are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,812May 22, 2024Updated last year
- Automated Tool for Testing Header Based Blind SQL Injectionβ323Jul 23, 2023Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.β584Sep 25, 2025Updated 6 months ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,588Mar 8, 2026Updated last month
- π« Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fastβ¦β1,578Mar 16, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets�β1,543Mar 8, 2026Updated last month
- A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzingβ143Jun 27, 2023Updated 2 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable β¦β753Dec 19, 2023Updated 2 years ago
- An IIS short filename enumeration toolβ1,139Nov 25, 2024Updated last year
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!β1,069Mar 24, 2026Updated 3 weeks ago
- NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Reβ¦β1,830Updated this week
- Fast and customizable subdomain wordlist generator using DSLβ937Feb 5, 2026Updated 2 months ago
- declutters url lists for crawling/pentestingβ1,544Feb 23, 2025Updated last year
- An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flawsβ3,965Oct 4, 2025Updated 6 months ago
- Wordpress hosting with auto-scaling - Free Trial β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.β839Mar 24, 2026Updated 3 weeks ago
- SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bountyβ746Jan 25, 2026Updated 2 months ago
- My Priv8 Nuclei Templatesβ341May 12, 2024Updated last year
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headersβ358Dec 14, 2023Updated 2 years ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflowsβ298Sep 8, 2023Updated 2 years ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzerβ384May 19, 2023Updated 2 years ago
- β203Jun 11, 2024Updated last year
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β4,929Updated this week
- Process URLs and remove duplicate query parameters.β27Mar 19, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.β91May 2, 2024Updated last year
- De-clutter a list of URLsβ386Mar 8, 2026Updated last month
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript filesβ2,423May 26, 2024Updated last year
- i will upload more templates here to share with the comunity.β569Apr 17, 2024Updated last year
- Automation for javascript recon in bug bounty.β1,081Sep 9, 2023Updated 2 years ago
- Discover hidden debugging parameters and uncover web application secretsβ246Feb 4, 2026Updated 2 months ago
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.β563Mar 8, 2025Updated last year
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlistβ1,508Jan 8, 2026Updated 3 months ago
- Find endpoints on GitHub.β219Mar 28, 2023Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ3,048Mar 7, 2026Updated last month
- 1337 Wordlists for Bug Bounty Huntingβ944Updated this week
- Discover new target domains using Content Security Policyβ512Mar 24, 2026Updated 3 weeks ago
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issuesβ375Jul 25, 2023Updated 2 years ago
- fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.β939Aug 24, 2023Updated 2 years ago
- 403/401 Bypass Methods + Bash Automation + Your Support ;)β1,585Jun 6, 2022Updated 3 years ago
- A tool to fastly get all javascript sources/filesβ864Jul 4, 2025Updated 9 months ago