Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
☆227Mar 29, 2022Updated 4 years ago
Alternatives and similar repositories for enumXFF
Users that are interested in enumXFF are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Traverse JS files for APIs/Endpoints☆15May 12, 2015Updated 11 years ago
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,495Jan 9, 2025Updated last year
- Wordlist for content(directory) bruteforce discovering with Burp or dirsearch☆217Oct 12, 2024Updated last year
- Automatic tool for DNS rebinding-based SSRF attacks☆305Aug 21, 2020Updated 5 years ago
- It's bloody scantastic☆239Jun 21, 2022Updated 3 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- A tool to find sensitive keys and passwords in Travis logs☆140Jun 27, 2021Updated 4 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆187Aug 3, 2019Updated 6 years ago
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- A Burp Plugin for Detecting Weaknesses in Content Security Policies☆166May 19, 2023Updated 3 years ago
- Abusing trust boundaries to deliver effective phishing payloads☆35Dec 8, 2015Updated 10 years ago
- This tool can be used to brute discover GET and POST parameters☆1,396Aug 24, 2019Updated 6 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,494Oct 12, 2024Updated last year
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- An adaptive, intelligent XSS fuzzer that learns how the response is reflected and carefully crafts an XSS payload to match☆42Sep 24, 2012Updated 13 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- An example of obtaining RCE via Redis and CSRF☆76Sep 11, 2016Updated 9 years ago
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆278Feb 12, 2021Updated 5 years ago
- A rewrite of the popular altDNS subdomain tool by @infosec-au☆12Feb 28, 2019Updated 7 years ago
- Extract subdomains from SSL certificates in HTTPS sites.☆390Mar 3, 2025Updated last year
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆629Feb 5, 2019Updated 7 years ago
- Deeplack is a python script designed for comparing images (screenshots) using DeepAI to detect changes on websites.☆14Jun 19, 2019Updated 6 years ago
- View screenshots as a slideshow over http☆15Mar 13, 2020Updated 6 years ago
- Toolset for detecting reflected xss in websites☆116Oct 7, 2018Updated 7 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,294Aug 18, 2025Updated 9 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Continuous monitoring for JavaScript files☆223Dec 29, 2019Updated 6 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…☆1,073Jan 3, 2025Updated last year
- A lightweight CSRF Toolkit for easy Proof of concept☆172Jun 11, 2014Updated 11 years ago
- X-Forwarded-For [403 forbidden] enumeration☆99May 3, 2024Updated 2 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆116Mar 29, 2019Updated 7 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c…☆564Aug 25, 2022Updated 3 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,034Feb 5, 2021Updated 5 years ago
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains …☆224Dec 7, 2022Updated 3 years ago
- ☆2,324Dec 8, 2023Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆319May 22, 2023Updated 3 years ago
- Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will m…☆100Dec 30, 2019Updated 6 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆185May 27, 2020Updated 5 years ago
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆132Feb 19, 2021Updated 5 years ago
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆742May 4, 2019Updated 7 years ago
- Scans crossdomain.xml policies for expired domain names.☆26Aug 4, 2015Updated 10 years ago
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆544Aug 23, 2018Updated 7 years ago