hahwul / dalfoxView external linksLinks
ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.
β4,835Updated this week
Alternatives and similar repositories for dalfox
Users that are interested in dalfox are comparing it to the libraries listed below
Sorting:
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ2,998Jun 24, 2024Updated last year
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,821Jan 1, 2025Updated last year
- HTTP parameter discovery suite.�β6,086Feb 20, 2025Updated 11 months ago
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findinβ¦β7,192Updated this week
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grepβ1,397Sep 13, 2024Updated last year
- Fetch all the URLs that the Wayback Machine knows about for a domainβ4,309May 1, 2024Updated last year
- declutters url lists for crawling/pentestingβ1,522Feb 23, 2025Updated 11 months ago
- Gospider - Fast web spider written in Goβ2,868Apr 21, 2024Updated last year
- Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web applicationβ4,991Dec 21, 2024Updated last year
- Hidden parameters discovery suiteβ2,015Sep 8, 2024Updated last year
- httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.β9,543Updated this week
- A python script that finds endpoints in JavaScript filesβ4,280Apr 13, 2024Updated last year
- A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attβ¦β5,760Updated this week
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,042Aug 14, 2024Updated last year
- Fast web fuzzer written in Goβ15,574Apr 24, 2025Updated 9 months ago
- The Swiss Army knife for automated Web Application Testingβ2,324May 8, 2024Updated last year
- A wrapper around grep, to help you grep for thingsβ2,075Jun 8, 2024Updated last year
- An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flawsβ3,895Oct 4, 2025Updated 4 months ago
- Fast passive subdomain enumeration tool.β13,054Feb 5, 2026Updated last week
- A tool to check a bunch of URLs that contain reflecting params.β599Aug 4, 2024Updated last year
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Eβ¦β8,464Nov 16, 2025Updated 2 months ago
- Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokensβ¦β5,201Jan 31, 2026Updated 2 weeks ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,533Feb 7, 2026Updated last week
- Accept URLs on stdin, replace all query string values with a user-supplied valueβ864Nov 23, 2022Updated 3 years ago
- Rockyou for web fuzzingβ3,014Aug 28, 2025Updated 5 months ago
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enablβ¦β26,985Updated this week
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript filesβ2,376May 26, 2024Updated last year
- Contextual Content Discovery Toolβ3,085Apr 29, 2024Updated last year
- Find domains and subdomains related to a given domainβ3,514Jun 7, 2024Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,515Jan 15, 2026Updated 3 weeks ago
- Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entβ¦β2,106Nov 18, 2024Updated last year
- The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, fβ¦β4,346Sep 30, 2024Updated last year
- Community curated list of templates for the nuclei engine to find security vulnerabilities.β11,935Updated this week
- Most advanced XSS scanner.β14,735Apr 26, 2025Updated 9 months ago
- A collection of hacks and one-off scriptsβ2,418Mar 13, 2025Updated 11 months ago
- In-depth attack surface mapping and asset discoveryβ14,103Updated this week
- A tool for adding new lines to files, skipping duplicatesβ1,605Jan 12, 2024Updated 2 years ago
- A collection of awesome one-liner scripts especially for bug bounty tips.β3,074Jul 29, 2024Updated last year
- Automatic SSRF fuzzer and exploitation toolβ3,479Sep 4, 2025Updated 5 months ago