doyensec/regexploit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/doyensec/regexploit)

doyensec / regexploit

Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

☆846

Alternatives and similar repositories for regexploit

Users that are interested in regexploit are comparing it to the libraries listed below

Sorting:

BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,584Jan 27, 2024Updated 2 years ago
doyensec / inql
View on GitHub
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
☆1,737Feb 16, 2026Updated 2 weeks ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,167May 26, 2023Updated 2 years ago
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆953Dec 31, 2021Updated 4 years ago
filedescriptor / untrusted-types
View on GitHub
☆695Jul 4, 2022Updated 3 years ago
qtc-de / remote-method-guesser
View on GitHub
Java RMI Vulnerability Scanner
☆916Jul 3, 2024Updated last year
jmdx / TLS-poison
View on GitHub
☆707Nov 27, 2024Updated last year
defparam / haptyc
View on GitHub
☆95Sep 18, 2021Updated 4 years ago
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,302Apr 18, 2023Updated 2 years ago
neex / http2smugl
View on GitHub
☆562Mar 27, 2025Updated 11 months ago
BishopFox / json-interop-vuln-labs
View on GitHub
Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"
☆211Mar 9, 2023Updated 2 years ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆648Feb 21, 2024Updated 2 years ago
assetnote / batchql
View on GitHub
GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
☆406Dec 24, 2022Updated 3 years ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
Accenture / jenkins-attack-framework
View on GitHub
☆576Jul 12, 2025Updated 7 months ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 4 years ago
C0DEbrained / Stepper
View on GitHub
A natural evolution of Burp Suite's Repeater tool
☆201Feb 9, 2024Updated 2 years ago
swisskyrepo / GraphQLmap
View on GitHub
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
☆1,631Mar 11, 2024Updated last year
httpvoid / writeups
View on GitHub
☆1,200Sep 2, 2022Updated 3 years ago
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,096Apr 29, 2024Updated last year
visma-prodsec / confused
View on GitHub
Tool to check for dependency confusion vulnerabilities in multiple package management systems
☆778Aug 19, 2024Updated last year
epinna / tplmap
View on GitHub
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
☆4,120Apr 21, 2024Updated last year
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,483Oct 12, 2024Updated last year
msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆523Sep 17, 2022Updated 3 years ago
detectify / page-fetch
View on GitHub
Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…
☆529Apr 23, 2025Updated 10 months ago
ptoomey3 / evilarc
View on GitHub
Create tar/zip archives that can exploit directory traversal vulnerabilities
☆1,034Jun 3, 2021Updated 4 years ago
BishopFox / h2csmuggler
View on GitHub
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
☆782May 10, 2022Updated 3 years ago
PortSwigger / param-miner
View on GitHub
☆1,407Jan 22, 2026Updated last month
whitel1st / docem
View on GitHub
A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
☆677Jan 28, 2024Updated 2 years ago
dolevf / Damn-Vulnerable-GraphQL-Application
View on GitHub
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…
☆1,676May 24, 2025Updated 9 months ago
doyensec / awesome-electronjs-hacking
View on GitHub
A curated list of awesome resources about Electron.js (in)security
☆657May 14, 2025Updated 9 months ago
swisskyrepo / SSRFmap
View on GitHub
Automatic SSRF fuzzer and exploitation tool
☆3,489Sep 4, 2025Updated 5 months ago
ticarpi / jwt_tool
View on GitHub
A toolkit for testing, tweaking and cracking JSON Web Tokens
☆6,389May 1, 2025Updated 10 months ago
allanlw / svg-cheatsheet
View on GitHub
A cheatsheet for exploiting server-side SVG processors.
☆794Jul 2, 2020Updated 5 years ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,679Dec 23, 2024Updated last year
mhaskar / DNSStager
View on GitHub
Hide your payload in DNS
☆615May 3, 2023Updated 2 years ago
honoki / bbrf-client
View on GitHub
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
☆642Jul 7, 2025Updated 7 months ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆446Sep 7, 2022Updated 3 years ago
0xacb / recollapse
View on GitHub
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
☆1,294Aug 7, 2025Updated 6 months ago