Alternatives and similar repositories for WAF-bypass-xss-payloads

Users that are interested in WAF-bypass-xss-payloads are comparing it to the libraries listed below

• aaditya2098 / noobstuffs

  View on GitHub
  Xss payload for bypassing waf
  ☆18Apr 18, 2020Updated 5 years ago
• orwagodfather / WordList

  View on GitHub
  ☆845Dec 26, 2025Updated last month
• ayadim / Nuclei-bug-hunter

  View on GitHub
  i will upload more templates here to share with the comunity.
  ☆567Apr 17, 2024Updated last year
• Dheerajmadhukar / 4-ZERO-3

  View on GitHub
  403/401 Bypass Methods + Bash Automation + Your Support ;)
  ☆1,567Jun 6, 2022Updated 3 years ago
• Edr4 / XSS-Bypass-Filters

  View on GitHub
  ☆581Aug 14, 2025Updated 6 months ago
• xnl-h4ck3r / GAP-Burp-Extension

  View on GitHub
  Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  ☆1,495Jan 8, 2026Updated last month
• emadshanab / Nuclei-Templates-Collection

  View on GitHub
  Nuclei Templates Collection
  ☆1,078Dec 25, 2025Updated last month
• r0oth3x49 / ghauri

  View on GitHub
  An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
  ☆3,909Oct 4, 2025Updated 4 months ago
• matthernet / SubdomainFinder

  View on GitHub
  Find subdomains by searching public certificate records
  ☆16Jun 11, 2024Updated last year
• Az0x7 / vulnerability-Checklist

  View on GitHub
  This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
  ☆3,252Feb 10, 2024Updated 2 years ago
• hisxo / JSpector

  View on GitHub
  A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues
  ☆373Jul 25, 2023Updated 2 years ago
• minhangxiaohui / JavaAgentMemshell

  View on GitHub
  JavaAgent内存马实现、检测、修复demo
  ☆11Dec 7, 2022Updated 3 years ago
• assetnote / nowafpls

  View on GitHub
  Burp Plugin to Bypass WAFs through the insertion of Junk Data
  ☆1,417Jul 14, 2025Updated 7 months ago
• 0xmaximus / Galaxy-Bugbounty-Checklist

  View on GitHub
  Tips and Tutorials for Bug Bounty and also Penetration Tests.
  ☆1,648Oct 7, 2025Updated 4 months ago
• projectdiscovery / fuzzing-templates

  View on GitHub
  Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
  ☆87May 2, 2024Updated last year
• reddelexc / hackerone-reports

  View on GitHub
  Top disclosed reports from HackerOne
  ☆5,297Jan 31, 2026Updated 2 weeks ago
• faiyazahmad07 / xss_vibes

  View on GitHub
  A modern tool written in Python that automates your xss findings.
  ☆472Nov 26, 2023Updated 2 years ago
• PentestPad / subzy

  View on GitHub
  Subdomain takeover vulnerability checker
  ☆1,513Sep 10, 2024Updated last year
• Ciyfly / sucker

  View on GitHub
  对任意http网站添加指定漏洞 目前实现部分漏洞的追加 支持本身http服务 支持反向代理追加
  ☆28Oct 8, 2022Updated 3 years ago
• Karanxa / Bug-Bounty-Wordlists

  View on GitHub
  A repository that includes all the important wordlists used while bug hunting.
  ☆1,375Mar 11, 2023Updated 2 years ago
• root-tanishq / userefuzz

  View on GitHub
  User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
  ☆382May 19, 2023Updated 2 years ago
• Cyber-Guy1 / domainCollector

  View on GitHub
  Simple tool to gather domains from crt.sh using the organization name
  ☆102Dec 16, 2021Updated 4 years ago
• sw33tLie / bbscope

  View on GitHub
  Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
  ☆1,262Jan 28, 2026Updated 2 weeks ago
• lemonlove7 / dirsearch_bypass403

  View on GitHub
  目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别
  ☆854Sep 30, 2025Updated 4 months ago
• Ravirajrao / HackerOne-Reports

  View on GitHub
  Cool HackerOne Reports
  ☆22Nov 16, 2022Updated 3 years ago
• s0md3v / uro

  View on GitHub
  declutters url lists for crawling/pentesting
  ☆1,524Feb 23, 2025Updated 11 months ago
• KathanP19 / Gxss

  View on GitHub
  A tool to check a bunch of URLs that contain reflecting params.
  ☆599Aug 4, 2024Updated last year
• 0xKayala / NucleiFuzzer

  View on GitHub
  NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Re…
  ☆1,818Aug 20, 2025Updated 5 months ago
• devploit / nomore403

  View on GitHub
  🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast…
  ☆1,496Feb 5, 2026Updated last week
• coffeehb / nginx_swagger

  View on GitHub
  这个项目主要用于辅助测试Swagger的XSS漏洞
  ☆39Jun 11, 2022Updated 3 years ago
• webraybtl / webshell1

  View on GitHub
  某免杀webshell
  ☆19Oct 10, 2023Updated 2 years ago
• hahwul / dalfox

  View on GitHub
  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  ☆4,835Feb 9, 2026Updated last week
• Proviesec / google-dorks

  View on GitHub
  Useful Google Dorks for WebSecurity and Bug Bounty
  ☆1,194Jan 24, 2026Updated 3 weeks ago
• cve-sandbox / jquery

  View on GitHub
  CVE Collection of jQuery XSS Payloads
  ☆75Jan 4, 2023Updated 3 years ago
• SeifElsallamy / Blind-XSS-Manager

  View on GitHub
  Never forget where you inject.
  ☆298Aug 15, 2025Updated 6 months ago
• f0ng / selistener

  View on GitHub
  用于解决判断出网情况的问题，以http、ldap、rmi以及socket形式批量监听端口，在web界面进行结果查看
  ☆127Apr 17, 2023Updated 2 years ago
• robotshell / magicRecon

  View on GitHub
  MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilitie…
  ☆1,022Jul 23, 2024Updated last year
• hakluke / hakoriginfinder

  View on GitHub
  Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
  ☆973Jan 12, 2024Updated 2 years ago
• projectdiscovery / alterx

  View on GitHub
  Fast and customizable subdomain wordlist generator using DSL
  ☆920Feb 5, 2026Updated last week