Clientside vulnerability / reflected xss fuzzer
☆149Jul 29, 2023Updated 2 years ago
Alternatives and similar repositories for puff
Users that are interested in puff are comparing it to the libraries listed below
Sorting:
- ☆11May 15, 2020Updated 5 years ago
- Extract relative urls from a heap snapshot☆87May 30, 2021Updated 4 years ago
- ☆27Mar 18, 2020Updated 6 years ago
- ☆36Jul 15, 2020Updated 5 years ago
- Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.☆37Jul 7, 2020Updated 5 years ago
- Reconnaissance tool which scans javascript files for subdomains and then iterates over all javascript files hosted on subsequent subdomai…☆223Jul 10, 2020Updated 5 years ago
- Suite of programs meant to aid in bug hunting and security assessments☆77Dec 29, 2019Updated 6 years ago
- Sync RGB devices to your spotify songs. Sync your keyboard, sync your headset, sync your mouse, sync your toaster, sync your toilet, sync…☆35Feb 1, 2021Updated 5 years ago
- A tool which scrapes public github repositories for common naming conventions in variables, folders and files☆296Jun 3, 2024Updated last year
- Web Application recon automation☆125Dec 18, 2020Updated 5 years ago
- Perform operations on URLs like extracting paths, parameter names and/or values, domain name, host name (without HTTP[s]).☆29Aug 19, 2020Updated 5 years ago
- Ffuf output browser☆39Feb 25, 2023Updated 3 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Signatures for jaeles scanner by @j3ssie☆117Apr 20, 2024Updated last year
- Fastest recursive HTTP fuzzer, like a Ferrari.☆91Nov 27, 2020Updated 5 years ago
- public dns server list for dmut project☆18Nov 30, 2023Updated 2 years ago
- ☆105Oct 18, 2020Updated 5 years ago
- Making Favicon.ico based Recon Great again !☆1,269Aug 29, 2023Updated 2 years ago
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- A tool to perform permutations, mutations and alteration of subdomains in golang.☆156Nov 24, 2023Updated 2 years ago
- ☆12Sep 23, 2023Updated 2 years ago
- A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it us…☆62Oct 25, 2020Updated 5 years ago
- A golang utility to spider through a website searching for additional links.☆343Nov 7, 2020Updated 5 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆187Aug 3, 2019Updated 6 years ago
- Host Header Injection Checker☆84Mar 2, 2022Updated 4 years ago
- Command line tool for testing CRLF injection on a list of domains.☆163Apr 14, 2024Updated last year
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…☆174Nov 11, 2020Updated 5 years ago
- Get all the CNs from a list of domains☆45Aug 17, 2021Updated 4 years ago
- A tool for append URLs, skipping duplicates/paths & combine parameters.☆128Mar 2, 2022Updated 4 years ago
- Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common m…☆75Mar 22, 2024Updated last year
- ☆60Jul 3, 2024Updated last year
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆641Jul 7, 2025Updated 8 months ago
- Dump all available paths and/or endpoints on WADL file.☆98Nov 24, 2025Updated 3 months ago
- ASN reconnaissance script☆133Jan 25, 2024Updated 2 years ago
- a javascript change monitoring tool for bugbounties☆713Jul 31, 2024Updated last year
- XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|ID…☆350Jun 17, 2023Updated 2 years ago
- commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. …☆40May 21, 2021Updated 4 years ago
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- Unpack a JavaScript Source Map back into filesystem structure☆186Oct 9, 2020Updated 5 years ago