Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
☆227Mar 29, 2022Updated 4 years ago
Alternatives and similar repositories for enumXFF
Users that are interested in enumXFF are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Traverse JS files for APIs/Endpoints☆15May 12, 2015Updated 10 years ago
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,483Jan 9, 2025Updated last year
- Wordlist for content(directory) bruteforce discovering with Burp or dirsearch☆216Oct 12, 2024Updated last year
- Automatic tool for DNS rebinding-based SSRF attacks☆305Aug 21, 2020Updated 5 years ago
- It's bloody scantastic☆239Jun 21, 2022Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A tool to find sensitive keys and passwords in Travis logs☆139Jun 27, 2021Updated 4 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆187Aug 3, 2019Updated 6 years ago
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- A Burp Plugin for Detecting Weaknesses in Content Security Policies☆166May 19, 2023Updated 2 years ago
- Abusing trust boundaries to deliver effective phishing payloads☆34Dec 8, 2015Updated 10 years ago
- This tool can be used to brute discover GET and POST parameters☆1,393Aug 24, 2019Updated 6 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,486Oct 12, 2024Updated last year
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- An adaptive, intelligent XSS fuzzer that learns how the response is reflected and carefully crafts an XSS payload to match☆42Sep 24, 2012Updated 13 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- An example of obtaining RCE via Redis and CSRF☆76Sep 11, 2016Updated 9 years ago
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆278Feb 12, 2021Updated 5 years ago
- A rewrite of the popular altDNS subdomain tool by @infosec-au☆12Feb 28, 2019Updated 7 years ago
- Extract subdomains from SSL certificates in HTTPS sites.☆389Mar 3, 2025Updated last year
- Deeplack is a python script designed for comparing images (screenshots) using DeepAI to detect changes on websites.☆14Jun 19, 2019Updated 6 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆628Feb 5, 2019Updated 7 years ago
- View screenshots as a slideshow over http☆15Mar 13, 2020Updated 6 years ago
- Toolset for detecting reflected xss in websites☆116Oct 7, 2018Updated 7 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,285Aug 18, 2025Updated 7 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Continuous monitoring for JavaScript files☆221Dec 29, 2019Updated 6 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…☆1,058Jan 3, 2025Updated last year
- A lightweight CSRF Toolkit for easy Proof of concept☆172Jun 11, 2014Updated 11 years ago
- X-Forwarded-For [403 forbidden] enumeration☆99May 3, 2024Updated last year
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆116Mar 29, 2019Updated 7 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c…☆562Aug 25, 2022Updated 3 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,030Feb 5, 2021Updated 5 years ago
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains …☆223Dec 7, 2022Updated 3 years ago
- ☆2,320Dec 8, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆318May 22, 2023Updated 2 years ago
- Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will m…☆99Dec 30, 2019Updated 6 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆185May 27, 2020Updated 5 years ago
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆132Feb 19, 2021Updated 5 years ago
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆740May 4, 2019Updated 6 years ago
- Scans crossdomain.xml policies for expired domain names.☆26Aug 4, 2015Updated 10 years ago
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆543Aug 23, 2018Updated 7 years ago