Alternatives and similar repositories for chameleon

Users that are interested in chameleon are comparing it to the libraries listed below

• ayoubfathi / leaky-paths

  View on GitHub
  A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
  ☆1,021Jun 24, 2024Updated last year
• resyncgg / ripgen

  View on GitHub
  Rust-based high performance domain permutation generator.
  ☆297Dec 2, 2023Updated 2 years ago
• iustin24 / rextract

  View on GitHub
  CLI tool that extracts a regex pattern from a list of urls ( Rust )
  ☆61Sep 14, 2022Updated 3 years ago
• xm1k3 / cent

  View on GitHub
  Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…
  ☆1,038Aug 23, 2025Updated 5 months ago
• trickest / dsieve

  View on GitHub
  Filter and enrich a list of subdomains by level
  ☆210Sep 25, 2023Updated 2 years ago
• cramppet / regulator

  View on GitHub
  Automated learning of regexes for DNS discovery
  ☆389Feb 18, 2023Updated 2 years ago
• dsecuredcom / ffufPostprocessing

  View on GitHub
  Golang tool which helps dropping the irrelevant entries from your ffuf result file.
  ☆141Sep 16, 2024Updated last year
• ethicalhackingplayground / pathbuster

  View on GitHub
  A path-normalization pentesting tool.
  ☆150Jan 22, 2026Updated 3 weeks ago
• hakluke / hakoriginfinder

  View on GitHub
  Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
  ☆975Jan 12, 2024Updated 2 years ago
• 0xacb / recollapse

  View on GitHub
  REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
  ☆1,287Aug 7, 2025Updated 6 months ago
• xnl-h4ck3r / urless

  View on GitHub
  De-clutter a list of URLs
  ☆384Feb 3, 2026Updated last week
• Sh1Yo / x8

  View on GitHub
  Hidden parameters discovery suite
  ☆2,015Sep 8, 2024Updated last year
• xnl-h4ck3r / xnLinkFinder

  View on GitHub
  A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
  ☆1,515Jan 15, 2026Updated 3 weeks ago
• iustin24 / chameleon-wordlists

  View on GitHub
  Chameleon Wordlists
  ☆15Sep 13, 2022Updated 3 years ago
• trickest / wordlists

  View on GitHub
  Real-world infosec wordlists, updated regularly
  ☆1,632Updated this week
• wdahlenburg / VhostFinder

  View on GitHub
  Identify virtual hosts by similarity comparison
  ☆134Aug 12, 2024Updated last year
• bitquark / shortscan

  View on GitHub
  An IIS short filename enumeration tool
  ☆1,109Nov 25, 2024Updated last year
• the-xentropy / samlists

  View on GitHub
  Free, libre, effective, and data-driven wordlists for all!
  ☆645Sep 10, 2021Updated 4 years ago
• hakluke / hakscale

  View on GitHub
  Distribute ordinary bash commands over many systems
  ☆168Aug 29, 2022Updated 3 years ago
• xnl-h4ck3r / GAP-Burp-Extension

  View on GitHub
  Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  ☆1,495Jan 8, 2026Updated last month
• laluka / bypass-url-parser

  View on GitHub
  bypass-url-parser
  ☆1,111Feb 7, 2026Updated last week
• ferreiraklet / Jeeves

  View on GitHub
  Jeeves SQLI Finder
  ☆218May 13, 2022Updated 3 years ago
• Impact-I / x8-Burp

  View on GitHub
  Hidden parameters discovery suite
  ☆225Nov 14, 2022Updated 3 years ago
• glebarez / cero

  View on GitHub
  Scrape domain names from SSL certificates of arbitrary hosts
  ☆689Mar 31, 2024Updated last year
• six2dez / OneListForAll

  View on GitHub
  Rockyou for web fuzzing
  ☆3,014Aug 28, 2025Updated 5 months ago
• hisxo / JSpector

  View on GitHub
  A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues
  ☆373Jul 25, 2023Updated 2 years ago
• xnl-h4ck3r / waymore

  View on GitHub
  Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!
  ☆2,533Feb 7, 2026Updated last week
• w9w / JSA

  View on GitHub
  Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
  ☆560Mar 8, 2025Updated 11 months ago
• 0xDexter0us / uproot-JS

  View on GitHub
  Extract JavaScript files from burp suite project with ease.
  ☆97Feb 19, 2022Updated 3 years ago
• s0md3v / uro

  View on GitHub
  declutters url lists for crawling/pentesting
  ☆1,522Feb 23, 2025Updated 11 months ago
• bp0lr / gauplus

  View on GitHub
  ☆299Jul 16, 2022Updated 3 years ago
• 0xDexter0us / Scavenger

  View on GitHub
  Burp extension to create target specific and tailored wordlist from burp history.
  ☆255Dec 8, 2021Updated 4 years ago
• root-tanishq / userefuzz

  View on GitHub
  User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
  ☆382May 19, 2023Updated 2 years ago
• trickest / mksub

  View on GitHub
  Generate tens of thousands of subdomain combinations in a matter of seconds
  ☆273Sep 25, 2023Updated 2 years ago
• Josue87 / gotator

  View on GitHub
  Gotator is a tool to generate DNS wordlists through permutations.
  ☆503Jul 17, 2022Updated 3 years ago
• fyoorer / ShadowClone

  View on GitHub
  Unleash the power of cloud
  ☆821Nov 19, 2024Updated last year
• BishopFox / jsluice

  View on GitHub
  Extract URLs, paths, secrets, and other interesting bits from JavaScript
  ☆1,755May 22, 2024Updated last year
• sw33tLie / bbscope

  View on GitHub
  Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
  ☆1,262Jan 28, 2026Updated 2 weeks ago
• assetnote / surf

  View on GitHub
  Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …
  ☆749Dec 19, 2023Updated 2 years ago