Alternatives and similar repositories for reflector

Users that are interested in reflector are comparing it to the libraries listed below

• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,771Apr 26, 2024Updated last year
• GerbenJavado / LinkFinder

  View on GitHub
  A python script that finds endpoints in JavaScript files
  ☆4,280Apr 13, 2024Updated last year
• lc / gau

  View on GitHub
  Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
  ☆4,821Jan 1, 2025Updated last year
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,042Aug 14, 2024Updated last year
• ethicalhackingplayground / ssrf-king

  View on GitHub
  SSRF plugin for burp Automates SSRF Detection in all of the Request
  ☆610Jan 20, 2021Updated 5 years ago
• 1ndianl33t / Gf-Patterns

  View on GitHub
  GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
  ☆1,396Sep 13, 2024Updated last year
• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,086Feb 20, 2025Updated 11 months ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,484Oct 12, 2024Updated last year
• ssl / ezXSS

  View on GitHub
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆2,239Jan 8, 2026Updated last month
• xnl-h4ck3r / GAP-Burp-Extension

  View on GitHub
  Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  ☆1,496Jan 8, 2026Updated last month
• fransr / postMessage-tracker

  View on GitHub
  A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
  ☆1,281Jan 26, 2024Updated 2 years ago
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,479Sep 4, 2025Updated 5 months ago
• KathanP19 / JSFScan.sh

  View on GitHub
  Automation for javascript recon in bug bounty.
  ☆1,067Sep 9, 2023Updated 2 years ago
• maK- / parameth

  View on GitHub
  This tool can be used to brute discover GET and POST parameters
  ☆1,390Aug 24, 2019Updated 6 years ago
• bugcrowd / HUNT

  View on GitHub
  ☆2,315Dec 8, 2023Updated 2 years ago
• tomnomnom / hacks

  View on GitHub
  A collection of hacks and one-off scripts
  ☆2,417Mar 13, 2025Updated 11 months ago
• m4ll0k / Atlas

  View on GitHub
  Quick SQLMap Tamper Suggester
  ☆1,391Jul 18, 2022Updated 3 years ago
• arkadiyt / bounty-targets-data

  View on GitHub
  This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for …
  ☆3,639Updated this week
• devanshbatham / ParamSpider

  View on GitHub
  Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
  ☆2,998Jun 24, 2024Updated last year
• defparam / smuggler

  View on GitHub
  Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
  ☆2,059Jan 2, 2024Updated 2 years ago
• infosec-au / altdns

  View on GitHub
  Generates permutations, alterations and mutations of subdomains and then resolves them
  ☆2,468Jan 9, 2025Updated last year
• Sh1Yo / x8

  View on GitHub
  Hidden parameters discovery suite
  ☆2,017Sep 8, 2024Updated last year
• KathanP19 / Gxss

  View on GitHub
  A tool to check a bunch of URLs that contain reflecting params.
  ☆599Aug 4, 2024Updated last year
• 003random / getJS

  View on GitHub
  A tool to fastly get all javascript sources/files
  ☆856Jul 4, 2025Updated 7 months ago
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,117Apr 21, 2024Updated last year
• s0md3v / uro

  View on GitHub
  declutters url lists for crawling/pentesting
  ☆1,522Feb 23, 2025Updated 11 months ago
• m4ll0k / BBTz

  View on GitHub
  BBT - Bug Bounty Tools (examples💡)
  ☆1,880Apr 5, 2024Updated last year
• hahwul / dalfox

  View on GitHub
  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  ☆4,835Updated this week
• PortSwigger / param-miner

  View on GitHub
  ☆1,405Jan 22, 2026Updated 3 weeks ago
• nahamsec / JSParser

  View on GitHub
  ☆835Nov 13, 2023Updated 2 years ago
• irsdl / IIS-ShortName-Scanner

  View on GitHub
  latest version of scanners for IIS short filename (8.3) disclosure vulnerability
  ☆1,624Sep 3, 2023Updated 2 years ago
• gwen001 / github-search

  View on GitHub
  A collection of tools to perform searches on GitHub.
  ☆1,464Feb 9, 2023Updated 3 years ago
• six2dez / OneListForAll

  View on GitHub
  Rockyou for web fuzzing
  ☆3,014Aug 28, 2025Updated 5 months ago
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,360Feb 15, 2025Updated 11 months ago
• pry0cc / axiom

  View on GitHub
  The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, f…
  ☆4,344Sep 30, 2024Updated last year
• haccer / subjack

  View on GitHub
  Subdomain Takeover tool written in Go
  ☆2,026Aug 13, 2023Updated 2 years ago
• tomnomnom / unfurl

  View on GitHub
  Pull out bits of URLs provided on stdin
  ☆1,284Aug 12, 2023Updated 2 years ago
• michenriksen / aquatone

  View on GitHub
  A Tool for Domain Flyovers
  ☆5,896May 22, 2022Updated 3 years ago
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,897Sep 27, 2021Updated 4 years ago