DOM XSS scanner for Single Page Applications
☆415Nov 15, 2025Updated 3 months ago
Alternatives and similar repositories for domdig
Users that are interested in domdig are comparing it to the libraries listed below
Sorting:
- A simple SSRF-testing sheriff written in Go☆336Oct 31, 2024Updated last year
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆677Jan 28, 2024Updated 2 years ago
- Htcrawl is nodejs module for the recursive crawling of single page applications (SPA) using javascript☆54Nov 15, 2025Updated 3 months ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,774Apr 26, 2024Updated last year
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- ☆695Jul 4, 2022Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,483Oct 12, 2024Updated last year
- Automated blind-xss search for Burp Suite☆285Oct 10, 2019Updated 6 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆187Aug 3, 2019Updated 6 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 4 years ago
- Cross Origin Resource Sharing MisConfiguration Scanner☆173Nov 17, 2021Updated 4 years ago
- Toolkit to detect and keep track on Blind XSS, XXE & SSRF☆293Aug 23, 2019Updated 6 years ago
- A fast DOM based XSS vulnerability scanner with simplicity.☆855Sep 30, 2022Updated 3 years ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.☆2,244Jan 8, 2026Updated last month
- 🔱 Powerfull XSS Scanning and Parameter analysis tool&gem☆1,353Sep 27, 2022Updated 3 years ago
- Repo of useful scripts☆104Jun 30, 2020Updated 5 years ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing☆3,010Jun 24, 2024Updated last year
- Burp Suite's extension to scan and crawl Single Page Applications☆107Apr 14, 2023Updated 2 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆318May 22, 2023Updated 2 years ago
- htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.☆626Oct 11, 2021Updated 4 years ago
- 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.☆4,851Updated this week
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon☆1,293Jan 26, 2024Updated 2 years ago
- The Swiss Army knife for automated Web Application Testing☆2,322May 8, 2024Updated last year
- Chrome extension that finds DOM based XSS vulnerabilities☆75Jun 3, 2025Updated 9 months ago
- Automatic SSRF fuzzer and exploitation tool☆3,489Sep 4, 2025Updated 5 months ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆953Dec 31, 2021Updated 4 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)☆1,631Mar 11, 2024Updated last year
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,737Feb 16, 2026Updated 2 weeks ago
- List DTDs and generate XXE payloads using those local DTDs.☆648Feb 21, 2024Updated 2 years ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,062Jan 2, 2024Updated 2 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆367Jul 23, 2022Updated 3 years ago
- Automatic tool for DNS rebinding-based SSRF attacks☆304Aug 21, 2020Updated 5 years ago
- A python script that finds endpoints in JavaScript files☆4,286Apr 13, 2024Updated last year
- An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects☆970Dec 8, 2021Updated 4 years ago
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- A collection of hacks and one-off scripts☆2,424Mar 13, 2025Updated 11 months ago
- Convolutional neural network for analyzing pentest screenshots☆1,280Feb 19, 2024Updated 2 years ago
- Exfiltrate blind Remote Code Execution and SQL injection output over DNS via Burp Collaborator.☆277Jan 28, 2025Updated last year