Clientside vulnerability / reflected xss fuzzer
☆149Jul 29, 2023Updated 2 years ago
Alternatives and similar repositories for puff
Users that are interested in puff are comparing it to the libraries listed below
Sorting:
- Extract relative urls from a heap snapshot☆87May 30, 2021Updated 4 years ago
- ☆11May 15, 2020Updated 5 years ago
- Reconnaissance tool which scans javascript files for subdomains and then iterates over all javascript files hosted on subsequent subdomai…☆223Jul 10, 2020Updated 5 years ago
- ☆105Oct 18, 2020Updated 5 years ago
- Host Header Injection Checker☆84Mar 2, 2022Updated 3 years ago
- Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.☆37Jul 7, 2020Updated 5 years ago
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Suite of programs meant to aid in bug hunting and security assessments☆78Dec 29, 2019Updated 6 years ago
- A tool which scrapes public github repositories for common naming conventions in variables, folders and files☆296Jun 3, 2024Updated last year
- ☆27Mar 18, 2020Updated 5 years ago
- Command line tool for testing CRLF injection on a list of domains.☆165Apr 14, 2024Updated last year
- A golang utility to spider through a website searching for additional links.☆343Nov 7, 2020Updated 5 years ago
- Signatures for jaeles scanner by @j3ssie☆117Apr 20, 2024Updated last year
- Web Application recon automation☆125Dec 18, 2020Updated 5 years ago
- Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common m…☆75Mar 22, 2024Updated last year
- ☆60Jul 3, 2024Updated last year
- A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it us…☆62Oct 25, 2020Updated 5 years ago
- Get all the CNs from a list of domains☆45Aug 17, 2021Updated 4 years ago
- A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate☆209Jun 25, 2024Updated last year
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆642Jul 7, 2025Updated 7 months ago
- Making Favicon.ico based Recon Great again !☆1,266Aug 29, 2023Updated 2 years ago
- Ffuf output browser☆39Feb 25, 2023Updated 3 years ago
- a javascript change monitoring tool for bugbounties☆711Jul 31, 2024Updated last year
- A tool to perform permutations, mutations and alteration of subdomains in golang.☆156Nov 24, 2023Updated 2 years ago
- public dns server list for dmut project☆18Nov 30, 2023Updated 2 years ago
- ASN reconnaissance script☆133Jan 25, 2024Updated 2 years ago
- Fetches javascript file from a list of URLS or subdomains.☆835Jul 22, 2025Updated 7 months ago
- Unpack a JavaScript Source Map back into filesystem structure☆184Oct 9, 2020Updated 5 years ago
- Find endpoints on GitHub.☆214Mar 28, 2023Updated 2 years ago
- Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.☆112Feb 14, 2022Updated 4 years ago
- Python library and CLI for the Bug Bounty Recon API☆230Jun 5, 2021Updated 4 years ago
- List DTDs and generate XXE payloads using those local DTDs.☆648Feb 21, 2024Updated 2 years ago
- XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|ID…☆348Jun 17, 2023Updated 2 years ago
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a…☆18May 17, 2020Updated 5 years ago
- All-in-One WP Migration-Backup-Finder☆15Nov 5, 2025Updated 3 months ago
- A tool for append URLs, skipping duplicates/paths & combine parameters.☆128Mar 2, 2022Updated 3 years ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…☆174Nov 11, 2020Updated 5 years ago
- tool that generates bypasses for open redirects☆51Apr 18, 2022Updated 3 years ago