Alternatives and similar repositories for gf-secrets

Users that are interested in gf-secrets are comparing it to the libraries listed below

• dwisiswant0 / unew

  View on GitHub
  A tool for append URLs, skipping duplicates/paths & combine parameters.
  ☆128Mar 2, 2022Updated 3 years ago
• bp0lr / dmut

  View on GitHub
  A tool to perform permutations, mutations and alteration of subdomains in golang.
  ☆155Nov 24, 2023Updated 2 years ago
• 1ndianl33t / Gf-Patterns

  View on GitHub
  GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
  ☆1,397Sep 13, 2024Updated last year
• robre / gf-patterns

  View on GitHub
  A repository of some useful grep patterns for tomnomnoms gf tool
  ☆38Oct 11, 2020Updated 5 years ago
• emadshanab / Gf-Patterns-Collection

  View on GitHub
  ☆157Mar 23, 2023Updated 2 years ago
• KathanP19 / JSFScan.sh

  View on GitHub
  Automation for javascript recon in bug bounty.
  ☆1,067Sep 9, 2023Updated 2 years ago
• lc / subjs

  View on GitHub
  Fetches javascript file from a list of URLS or subdomains.
  ☆834Jul 22, 2025Updated 6 months ago
• Josue87 / roboxtractor

  View on GitHub
  Extract endpoints marked as disallow in robots files to generate wordlists.
  ☆58Mar 2, 2022Updated 3 years ago
• dwisiswant0 / hinject

  View on GitHub
  Host Header Injection Checker
  ☆84Mar 2, 2022Updated 3 years ago
• dwisiswant0 / secpat2gf

  View on GitHub
  convert secret patterns to gf compatible.
  ☆38Feb 11, 2023Updated 3 years ago
• dwisiswant0 / cf-check

  View on GitHub
  CloudFlare Checker written in Go
  ☆237May 12, 2024Updated last year
• dwisiswant0 / wadl-dumper

  View on GitHub
  Dump all available paths and/or endpoints on WADL file.
  ☆98Nov 24, 2025Updated 2 months ago
• YashGoti / analyzeJS

  View on GitHub
  A tools for JavaScript Recon
  ☆24Jul 25, 2020Updated 5 years ago
• tomnomnom / fff

  View on GitHub
  The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
  ☆404Apr 10, 2024Updated last year
• ghsec / ghsec-jaeles-signatures

  View on GitHub
  Signatures for jaeles scanner by @j3ssie
  ☆117Apr 20, 2024Updated last year
• KathanP19 / Gxss

  View on GitHub
  A tool to check a bunch of URLs that contain reflecting params.
  ☆599Aug 4, 2024Updated last year
• thomashartm / burp-aem-scanner

  View on GitHub
  Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common m…
  ☆75Mar 22, 2024Updated last year
• devanshbatham / FavFreak

  View on GitHub
  Making Favicon.ico based Recon Great again !
  ☆1,261Aug 29, 2023Updated 2 years ago
• ferreiraklet / airixss

  View on GitHub
  Finding XSS during recon
  ☆271Sep 13, 2022Updated 3 years ago
• KathanP19 / gaussrf

  View on GitHub
  Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…
  ☆173Nov 11, 2020Updated 5 years ago
• Josue87 / gotator

  View on GitHub
  Gotator is a tool to generate DNS wordlists through permutations.
  ☆503Jul 17, 2022Updated 3 years ago
• ksharinarayanan / SSRFire

  View on GitHub
  An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
  ☆971Dec 8, 2021Updated 4 years ago
• ayoubfathi / leaky-paths

  View on GitHub
  A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
  ☆1,021Jun 24, 2024Updated last year
• m4ll0k / BBTz

  View on GitHub
  BBT - Bug Bounty Tools (examples💡)
  ☆1,881Apr 5, 2024Updated last year
• s0md3v / Parth

  View on GitHub
  Heuristic Vulnerable Parameter Scanner
  ☆602Jan 8, 2024Updated 2 years ago
• ethicalhackingplayground / endzy

  View on GitHub
  Endpoint monitor tool
  ☆21Sep 16, 2020Updated 5 years ago
• hakluke / hakfindinternaldomains

  View on GitHub
  Feed it a list of subdomains, it will resolve them and tell you which ones are internal
  ☆93Nov 21, 2021Updated 4 years ago
• tomnomnom / gf

  View on GitHub
  A wrapper around grep, to help you grep for things
  ☆2,075Jun 8, 2024Updated last year
• xm1k3 / cent

  View on GitHub
  Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…
  ☆1,038Aug 23, 2025Updated 5 months ago
• ethicalhackingplayground / Gxss

  View on GitHub
  Tool for checking reflecting Parameters in a URL.
  ☆10Aug 31, 2020Updated 5 years ago
• hakluke / hakcron

  View on GitHub
  Easily schedule commands to run multiple times at set intervals (like a cronjob, but with one command)
  ☆84Apr 5, 2021Updated 4 years ago
• gwen001 / github-endpoints

  View on GitHub
  Find endpoints on GitHub.
  ☆214Mar 28, 2023Updated 2 years ago
• ameenmaali / qsfuzz

  View on GitHub
  qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
  ☆303Feb 12, 2023Updated 3 years ago
• robre / scripthunter

  View on GitHub
  Tool to find JavaScript files on Websites
  ☆526Nov 2, 2023Updated 2 years ago
• ameenmaali / urldedupe

  View on GitHub
  Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
  ☆392Jun 17, 2020Updated 5 years ago
• dwisiswant0 / findom-xss

  View on GitHub
  A fast DOM based XSS vulnerability scanner with simplicity.
  ☆849Sep 30, 2022Updated 3 years ago
• hakluke / hakcheckurl

  View on GitHub
  Takes a list of URLs and returns their HTTP response codes
  ☆402Oct 17, 2023Updated 2 years ago
• bp0lr / wurl

  View on GitHub
  A tool to test working urls.
  ☆43Nov 17, 2020Updated 5 years ago
• Shivangx01b / BountyIt

  View on GitHub
  A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it us…
  ☆62Oct 25, 2020Updated 5 years ago