Blazing fast, advanced Padding Oracle exploit
☆266Dec 12, 2025Updated 2 months ago
Alternatives and similar repositories for padre
Users that are interested in padre are comparing it to the libraries listed below
Sorting:
- Black box fuzzer for web applications☆436Jul 20, 2025Updated 7 months ago
- A rapid HTTP downgrade smuggling scanner written in Go.☆313May 16, 2024Updated last year
- Cloud Exploit Framework☆112May 11, 2022Updated 3 years ago
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors☆90Feb 3, 2024Updated 2 years ago
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers☆356Dec 14, 2023Updated 2 years ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆436Dec 30, 2025Updated 2 months ago
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆281Sep 11, 2025Updated 5 months ago
- An IIS short filename enumeration tool☆1,126Nov 25, 2024Updated last year
- NoBlindi is a command-line tool for exploiting blind NoSQL injection vulnerabilities to recover passwords in web applications.☆28Nov 12, 2023Updated 2 years ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,294Aug 7, 2025Updated 6 months ago
- Discover hidden debugging parameters and uncover web application secrets☆247Feb 4, 2026Updated last month
- User enumeration and password spraying tool for testing Azure AD☆71Mar 3, 2022Updated 4 years ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆723Feb 28, 2026Updated last week
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆978Jan 12, 2024Updated 2 years ago
- A tool to download program information from Bugcrowd, for use by researchers to compare programs they are eligible to participate in☆21Dec 22, 2022Updated 3 years ago
- A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀☆659Aug 28, 2025Updated 6 months ago
- ☆568Mar 28, 2024Updated last year
- ☆105Jan 3, 2023Updated 3 years ago
- Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers☆126Sep 12, 2024Updated last year
- Exploits targeting vBulletin.☆75Apr 15, 2023Updated 2 years ago
- Spartacus DLL/COM Hijacking Toolkit☆1,083Feb 1, 2024Updated 2 years ago
- A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.☆519Jun 22, 2022Updated 3 years ago
- ☆109Feb 21, 2023Updated 3 years ago
- 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.☆967Jan 10, 2025Updated last year
- JMX enumeration and attacking tool.☆493Jun 26, 2025Updated 8 months ago
- Burp extension to track your current IP address. Extension focused for red teams where the attacker needs to log all used IP addresses.☆25Nov 2, 2025Updated 4 months ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆300Sep 8, 2023Updated 2 years ago
- Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling☆1,263Mar 19, 2025Updated 11 months ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆577Sep 25, 2025Updated 5 months ago
- A library for detecting known secrets across many web frameworks☆778Updated this week
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆401Jan 10, 2025Updated last year
- Abuse leaked token handles.☆136Dec 14, 2023Updated 2 years ago
- Automated Tool for Testing Header Based Blind SQL Injection☆323Jul 23, 2023Updated 2 years ago
- A collection of Azure AD/Entra tools for offensive and defensive security purposes☆2,530Feb 5, 2026Updated last month
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆52Sep 11, 2024Updated last year
- reverse shell using curl☆478Apr 20, 2024Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆753Dec 19, 2023Updated 2 years ago
- ☆14Mar 20, 2025Updated 11 months ago