filedescriptor/untrusted-types

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/filedescriptor/untrusted-types)

filedescriptor / untrusted-types

☆695

Alternatives and similar repositories for untrusted-types

Users that are interested in untrusted-types are comparing it to the libraries listed below

Sorting:

msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆523Sep 17, 2022Updated 3 years ago
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,601Jan 27, 2024Updated 2 years ago
fransr / postMessage-tracker
View on GitHub
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆1,296Jan 26, 2024Updated 2 years ago
neex / http2smugl
View on GitHub
☆563Mar 27, 2025Updated 11 months ago
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆658Jun 29, 2025Updated 8 months ago
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆959Dec 31, 2021Updated 4 years ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,063Jan 2, 2024Updated 2 years ago
jmdx / TLS-poison
View on GitHub
☆705Nov 27, 2024Updated last year
ayoubfathi / leaky-paths
View on GitHub
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
☆1,028Feb 22, 2026Updated last month
filedescriptor / Unicode-Mapping-on-Domain-names
View on GitHub
☆131Dec 15, 2020Updated 5 years ago
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,113Aug 14, 2024Updated last year
RenwaX23 / XSSTRON
View on GitHub
Electron JS Browser To Find XSS Vulnerabilities Automatically
☆748Mar 30, 2021Updated 4 years ago
BlackFan / cspp-tools
View on GitHub
Client-Side Prototype Pollution Tools
☆87Sep 21, 2021Updated 4 years ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆651Feb 21, 2024Updated 2 years ago
bp0lr / dmut
View on GitHub
A tool to perform permutations, mutations and alteration of subdomains in golang.
☆156Nov 24, 2023Updated 2 years ago
wagiro / BurpBounty
View on GitHub
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
☆1,787Apr 26, 2024Updated last year
xsleaks / xsleaks
View on GitHub
A collection of browser-based side channel attack vectors.
☆760Mar 19, 2024Updated 2 years ago
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,483Oct 12, 2024Updated last year
honoki / bbrf-client
View on GitHub
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
☆641Jul 7, 2025Updated 8 months ago
m4ll0k / BBTz
View on GitHub
BBT - Bug Bounty Tools (examples💡)
☆1,885Apr 5, 2024Updated last year
httpvoid / writeups
View on GitHub
☆1,202Sep 2, 2022Updated 3 years ago
BishopFox / h2csmuggler
View on GitHub
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
☆785May 10, 2022Updated 3 years ago
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,121Apr 29, 2024Updated last year
internetwache / CT_subdomains
View on GitHub
An hourly updated list of subdomains gathered from certificate transparency logs
☆349Oct 13, 2021Updated 4 years ago
fcavallarin / domdig
View on GitHub
DOM XSS scanner for Single Page Applications
☆414Nov 15, 2025Updated 4 months ago
1ndianl33t / Gf-Patterns
View on GitHub
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
☆1,409Sep 13, 2024Updated last year
devanshbatham / FavFreak
View on GitHub
Making Favicon.ico based Recon Great again !
☆1,269Aug 29, 2023Updated 2 years ago
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,300Apr 13, 2024Updated last year
gwen001 / github-search
View on GitHub
A collection of tools to perform searches on GitHub.
☆1,471Feb 9, 2023Updated 3 years ago
0ang3el / websocket-smuggle
View on GitHub
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
☆392Aug 15, 2024Updated last year
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆612Mar 4, 2021Updated 5 years ago
arkadiyt / bounty-targets-data
View on GitHub
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for …
☆3,670Updated this week
ameenmaali / qsfuzz
View on GitHub
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
☆303Feb 12, 2023Updated 3 years ago
bytebutcher / burp-send-to
View on GitHub
Adds a customizable "Send to..."-context-menu to your BurpSuite.
☆164Nov 27, 2022Updated 3 years ago
lc / subjs
View on GitHub
Fetches javascript file from a list of URLS or subdomains.
☆838Jul 22, 2025Updated 8 months ago
ZeddYu / HTTP-Smuggling-Lab
View on GitHub
Use HTTP Smuggling Lab to learn HTTP Smuggling.
☆346Nov 20, 2022Updated 3 years ago
doyensec / inql
View on GitHub
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
☆1,744Feb 16, 2026Updated last month
smiegles / extract-relative-url-heapsnapshot
View on GitHub
Extract relative urls from a heap snapshot
☆87May 30, 2021Updated 4 years ago