Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
☆226Mar 29, 2022Updated 3 years ago
Alternatives and similar repositories for enumXFF
Users that are interested in enumXFF are comparing it to the libraries listed below
Sorting:
- Traverse JS files for APIs/Endpoints☆15May 12, 2015Updated 10 years ago
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,477Jan 9, 2025Updated last year
- Automatic tool for DNS rebinding-based SSRF attacks☆304Aug 21, 2020Updated 5 years ago
- This tool can be used to brute discover GET and POST parameters☆1,394Aug 24, 2019Updated 6 years ago
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- An example of obtaining RCE via Redis and CSRF☆76Sep 11, 2016Updated 9 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆187Aug 3, 2019Updated 6 years ago
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆629Feb 5, 2019Updated 7 years ago
- A Burp Plugin for Detecting Weaknesses in Content Security Policies☆166May 19, 2023Updated 2 years ago
- A lightweight CSRF Toolkit for easy Proof of concept☆172Jun 11, 2014Updated 11 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,483Oct 12, 2024Updated last year
- It's bloody scantastic☆239Jun 21, 2022Updated 3 years ago
- View screenshots as a slideshow over http☆15Mar 13, 2020Updated 5 years ago
- A tool to find sensitive keys and passwords in Travis logs☆139Jun 27, 2021Updated 4 years ago
- Wordlist for content(directory) bruteforce discovering with Burp or dirsearch☆217Oct 12, 2024Updated last year
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆277Feb 12, 2021Updated 5 years ago
- Abusing trust boundaries to deliver effective phishing payloads☆35Dec 8, 2015Updated 10 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c…☆563Aug 25, 2022Updated 3 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,285Aug 18, 2025Updated 6 months ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,027Feb 5, 2021Updated 5 years ago
- Deeplack is a python script designed for comparing images (screenshots) using DeepAI to detect changes on websites.☆14Jun 19, 2019Updated 6 years ago
- [DEPRECATED] Hiccup is a framework that allows the Burp Suite (a web application security testing tool, http://portswigger.net/burp/) to …☆42Jan 2, 2019Updated 7 years ago
- Extract subdomains from SSL certificates in HTTPS sites.☆389Mar 3, 2025Updated last year
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains …☆224Dec 7, 2022Updated 3 years ago
- An adaptive, intelligent XSS fuzzer that learns how the response is reflected and carefully crafts an XSS payload to match☆42Sep 24, 2012Updated 13 years ago
- Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will m…☆99Dec 30, 2019Updated 6 years ago
- ☆2,316Dec 8, 2023Updated 2 years ago
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆132Feb 19, 2021Updated 5 years ago
- Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's yo…☆216Oct 31, 2019Updated 6 years ago
- A tool to extract database data from a blind SQL injection vulnerability.☆32Jan 4, 2016Updated 10 years ago
- A simple tool for offline searching of default credentials for network devices, web applications and more.☆169Oct 1, 2017Updated 8 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆185May 27, 2020Updated 5 years ago
- Wrapper around LinkFinder to quickly determine whether endpoints have been added/removed to JavaScript files.☆41Dec 27, 2019Updated 6 years ago
- An interactive OOB XXE data exfiltration tool☆92May 31, 2017Updated 8 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…☆1,053Jan 3, 2025Updated last year
- A playground to practice SSRF Attacks against web apps☆17Oct 15, 2018Updated 7 years ago
- Evil snippets of Underhanded Red Team tactics☆11Jul 5, 2017Updated 8 years ago
- Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.☆353Jan 12, 2023Updated 3 years ago