Alternatives and similar repositories for webtrufflehog

Users that are interested in webtrufflehog are comparing it to the libraries listed below

• sa1tama0 / Blind-XSS-SVG

  View on GitHub
  Blind XSS SVG
  ☆10Mar 27, 2023Updated 2 years ago
• nullenc0de / paramhunter

  View on GitHub
  Looks for parameters in urls
  ☆34Oct 14, 2024Updated last year
• c3l3si4n / pugdns

  View on GitHub
  An experimental high-performance DNS query bruteforce tool built with AF_XDP for extremely fast and accurate bulk DNS lookups.
  ☆248Jul 6, 2025Updated 7 months ago
• beescuit / githubid

  View on GitHub
  Quickly find all identities someone has used on their Github commits
  ☆17Jul 28, 2024Updated last year
• c3l3si4n / subsift

  View on GitHub
  experimental wildcard subdomain filtering prototype
  ☆16Aug 5, 2023Updated 2 years ago
• TRIKKSS / Semgrep4BurpSuite

  View on GitHub
  burpsuite extension to analyze javascript files using semgrep
  ☆12Feb 3, 2025Updated last year
• pry0cc / nmap-to-ports

  View on GitHub
  Pipe nmap verbose output to a usable format for httpx or host:port notation.
  ☆17Jul 7, 2022Updated 3 years ago
• thelikes / fuzznav

  View on GitHub
  parse ffuf & map endpoints to wordlists
  ☆21Feb 25, 2021Updated 4 years ago
• c3l3si4n / quickcert

  View on GitHub
  A better way of querying certificate transparency logs
  ☆89Mar 30, 2025Updated 10 months ago
• bebiksior / subwords

  View on GitHub
  Extract most frequent words in a list of subdomains
  ☆12Feb 15, 2025Updated 11 months ago
• reewardius / nuclei-fast-templates

  View on GitHub
  ☆14Jan 23, 2026Updated 3 weeks ago
• g4nkd / CacheDecepHound

  View on GitHub
  This tool is an efficient scanner designed to detect Cache Deception vulnerabilities in web servers. It automates the process of testing …
  ☆34Jan 14, 2026Updated last month
• c3l3si4n / thankunext

  View on GitHub
  Easily gather all routes related to a NextJs application through parsing of _buildManifest.js
  ☆69Dec 12, 2022Updated 3 years ago
• BlackFan / Burp-Ai-Substitutor

  View on GitHub
  AI Substitutor is an extension for Burp Suite that uses AI functionality to substitute values of HTTP request parameters and headers.
  ☆28Apr 30, 2025Updated 9 months ago
• dsecuredcom / vhost-fuzzer

  View on GitHub
  Tool to fuzz for interesting vhost.
  ☆23Jan 8, 2025Updated last year
• j3ssie / json-cleaner

  View on GitHub
  The utility aims to clean up output generated by popular tools by calculating a hash based on specific JSON values to removing junk data.
  ☆16Apr 5, 2024Updated last year
• jsmonhq / jsmon-burpsuite-extension

  View on GitHub
  Burpsuite Extension for Jsmon
  ☆22Feb 5, 2026Updated last week
• hackvertor / shadow-repeater

  View on GitHub
  ☆42Nov 15, 2025Updated 2 months ago
• helviojunior / sprayshark

  View on GitHub
  SprayShark is a modular G-Suite password sprayer with threading!
  ☆57May 17, 2025Updated 8 months ago
• riramar / SmuggleTP

  View on GitHub
  A straightforward tool for exploiting SMTP Smuggling vulnerabilities.
  ☆14Jul 22, 2024Updated last year
• reewardius / nuclei-dast-templates

  View on GitHub
  ☆18Updated this week
• kljunowsky / XXElixir

  View on GitHub
  This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
  ☆83Dec 29, 2023Updated 2 years ago
• c3l3si4n / subdomain_data

  View on GitHub
  Results from analyzing data gathered from 1.6 billion subdomains
  ☆32Oct 15, 2024Updated last year
• burgerhalva / All-in-Fuzzer

  View on GitHub
  All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body
  ☆36Dec 13, 2025Updated 2 months ago
• devanshbatham / dnsaudit

  View on GitHub
  A command-line utility for auditing DNS configuration using Zonemaster API
  ☆32Aug 21, 2023Updated 2 years ago
• caido-community / Chatio

  View on GitHub
  An AI-powered assistant for hackers and security professionals built for Caido
  ☆31Jan 24, 2026Updated 3 weeks ago
• CYS4srl / SensitiveDiscoverer

  View on GitHub
  Sensitive Discoverer, a Burp extension to discovers sensitive information inside HTTP messages.
  ☆50Jan 26, 2026Updated 2 weeks ago
• KaanBicaklar / nuclei-MonaCodeScanner

  View on GitHub
  Nuclei templates for source code analysis. Detects hardcoded secrets, config leaks, debug endpoints. Also helps identify OWASP Top 10 iss…
  ☆82Jun 11, 2025Updated 8 months ago
• ViktorMares / vue-js-xss-payload-list

  View on GitHub
  Reflected XSS Payload List for Vue.js (2 & 3)
  ☆15Jan 12, 2023Updated 3 years ago
• osamahamad / Sensitive-Data-Exposures-with-Github

  View on GitHub
  Techniques / Tips and tricks for finding sensitive data exposures in Github for Penetration Testers / Bug Bounty Hunters
  ☆17Aug 1, 2020Updated 5 years ago
• 0xKayala / JaelesFuzzer

  View on GitHub
  JaelesFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications
  ☆22May 1, 2024Updated last year
• MuhammadKhizerJaved / Gemini-API-Key-Exposure-Scanner

  View on GitHub
  ☆35Oct 1, 2025Updated 4 months ago
• PopckovS / shell_commands_for_Linux

  View on GitHub
  Разные полезные скрипты для работы в Linux, на Python и на bash, сброс ключей IDE от JetBrains для бесплатного использования.
  ☆44Sep 23, 2021Updated 4 years ago
• vavkamil / js-snitch

  View on GitHub
  Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets
  ☆133Jan 21, 2025Updated last year
• pie0902 / reTermAI

  View on GitHub
  ☆57Jul 6, 2025Updated 7 months ago
• JoshMorrison99 / isXSS-Burp

  View on GitHub
  Passively check for XSS character encodings
  ☆18Feb 7, 2026Updated last week
• 0xAgun / All1

  View on GitHub
  Automated Recon Tool Installer
  ☆15Jun 29, 2022Updated 3 years ago
• castilho101 / FuzzyGuard

  View on GitHub
  ☆16Mar 11, 2024Updated last year
• BishopFox / sj

  View on GitHub
  A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
  ☆719Feb 3, 2026Updated last week