ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.
β5,109Jul 5, 2026Updated this week
Alternatives and similar repositories for dalfox
Users that are interested in dalfox are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ3,119Mar 7, 2026Updated 4 months ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β5,005Mar 20, 2026Updated 3 months ago
- HTTP parameter discovery suite.β6,349Feb 20, 2025Updated last year
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grepβ1,440Sep 13, 2024Updated last year
- Fetch all the URLs that the Wayback Machine knows about for a domainβ4,494May 1, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- declutters url lists for crawling/pentestingβ1,573Feb 23, 2025Updated last year
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findinβ¦β7,796Jun 29, 2026Updated last week
- Gospider - Fast web spider written in Goβ2,976Apr 21, 2024Updated 2 years ago
- Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web applicationβ5,081Dec 21, 2024Updated last year
- Hidden parameters discovery suiteβ2,076Sep 8, 2024Updated last year
- A tool to check a bunch of URLs that contain reflecting params.β601Aug 4, 2024Updated last year
- httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.β10,140Updated this week
- A wrapper around grep, to help you grep for thingsβ2,122Jun 8, 2024Updated 2 years ago
- A python script that finds endpoints in JavaScript filesβ4,404Apr 13, 2024Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer β’ AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attβ¦β6,033Jul 1, 2026Updated last week
- Accept URLs on stdin, replace all query string values with a user-supplied valueβ879Nov 23, 2022Updated 3 years ago
- An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flawsβ4,040Oct 4, 2025Updated 9 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,276Aug 14, 2024Updated last year
- Fast passive subdomain enumeration tool.β13,966Jul 3, 2026Updated last week
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,687Jun 11, 2026Updated 3 weeks ago
- Fast web fuzzer written in Goβ16,327Apr 26, 2026Updated 2 months ago
- Most advanced XSS scanner.β15,063Apr 26, 2025Updated last year
- The Swiss Army knife for automated Web Application Testingβ2,358Jun 20, 2026Updated 2 weeks ago
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript filesβ2,473May 26, 2024Updated 2 years ago
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enablβ¦β29,534Updated this week
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Eβ¦β8,722Mar 21, 2026Updated 3 months ago
- Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokensβ¦β5,443Jul 1, 2026Updated last week
- Contextual Content Discovery Toolβ3,223Apr 29, 2024Updated 2 years ago
- Find domains and subdomains related to a given domainβ3,630Jun 7, 2024Updated 2 years ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,574Mar 8, 2026Updated 4 months ago
- Rockyou for web fuzzingβ3,185Mar 11, 2026Updated 3 months ago
- The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, fβ¦β4,398Sep 30, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entβ¦β2,208Feb 23, 2026Updated 4 months ago
- Subdomain takeover vulnerability checkerβ1,573Sep 10, 2024Updated last year
- In-depth attack surface mapping and asset discoveryβ14,801Apr 17, 2026Updated 2 months ago
- A tool for adding new lines to files, skipping duplicatesβ1,642Jan 12, 2024Updated 2 years ago
- A collection of awesome one-liner scripts especially for bug bounty tips.β3,160Jul 29, 2024Updated last year
- Community curated list of templates for the nuclei engine to find security vulnerabilities.β12,590Updated this week
- Automatic SSRF fuzzer and exploitation toolβ3,583Sep 4, 2025Updated 10 months ago