WebSocket REPL for pentesters
☆234Jul 24, 2024Updated last year
Alternatives and similar repositories for wsrepl
Users that are interested in wsrepl are comparing it to the libraries listed below
Sorting:
- navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities☆74May 20, 2023Updated 2 years ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,771May 22, 2024Updated last year
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆282Sep 11, 2025Updated 5 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆753Dec 19, 2023Updated 2 years ago
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.☆456Oct 3, 2023Updated 2 years ago
- An IIS short filename enumeration tool☆1,123Nov 25, 2024Updated last year
- An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.☆16Nov 1, 2023Updated 2 years ago
- Dependency Confusion Security Testing Tool☆50Jul 21, 2022Updated 3 years ago
- BChecks collection for Burp Suite Professional and Burp Suite DAST☆769Jan 26, 2026Updated last month
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆149Dec 9, 2024Updated last year
- Obtain GraphQL API schema even if the introspection is disabled☆1,396Dec 5, 2025Updated 2 months ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,737Feb 16, 2026Updated 2 weeks ago
- Workshop & Talk Slide Decks from HackSpaceCon☆26Dec 14, 2025Updated 2 months ago
- 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.☆967Jan 10, 2025Updated last year
- Unleash the power of cloud☆818Nov 19, 2024Updated last year
- A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing☆142Jun 27, 2023Updated 2 years ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆36Mar 4, 2025Updated 11 months ago
- Hourly Updated (Merged & Filtered) List of Torrent Trackers [Maintainer=@Azathothas]☆16Updated this week
- A Security Tool for Enumerating WebSockets☆366Jan 10, 2022Updated 4 years ago
- Exploits targeting vBulletin.☆75Apr 15, 2023Updated 2 years ago
- Burp Extension to add additional functionality for pentesting websocket based applications☆102Aug 27, 2025Updated 6 months ago
- ☆95Sep 18, 2021Updated 4 years ago
- Differential testing framework for HTTP implementations☆927Jan 21, 2026Updated last month
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆723Updated this week
- Script to read input from stdin and encode it☆19Aug 23, 2023Updated 2 years ago
- Blogpost series showcasing interesting cloud - web app security bugs☆48Jun 13, 2023Updated 2 years ago
- Collection of random RedTeam scripts.☆211Mar 8, 2024Updated last year
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…☆888May 3, 2023Updated 2 years ago
- Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability☆61Jun 12, 2023Updated 2 years ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,294Aug 7, 2025Updated 6 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆978Jan 12, 2024Updated 2 years ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.☆1,344Aug 6, 2025Updated 6 months ago
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆52Sep 11, 2024Updated last year
- Remove duplicate URLs by retaining only the unique combinations of hostname, path, and parameter names☆39May 5, 2024Updated last year
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆89May 2, 2024Updated last year
- RopstenCtf is an easy tool to interact with the ethereum ropsten network for ctf purpose and more.☆17Jul 18, 2022Updated 3 years ago
- ☆20Sep 6, 2023Updated 2 years ago
- A library for detecting known secrets across many web frameworks☆778Updated this week
- Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based …☆104Jul 22, 2025Updated 7 months ago