l4yton / RegHex

Related projects: ⓘ

• odomojuli / regextokens
  list of regex patterns for oauth / api tokens with provided source
  ☆228Updated 3 weeks ago
• msrkp / PPScan
  Client Side Prototype Pollution Scanner
  ☆507Updated 2 years ago
• Charlie-belmer / nosqli
  NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
  ☆351Updated 2 years ago
• r0075h3ll / Oralyzer
  Open Redirection Analyzer
  ☆732Updated last year
• AlephNullSK / dnsgen
  Generates combination of domain names from the provided input.
  ☆887Updated 2 months ago
• assetnote / blind-ssrf-chains
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆772Updated 2 years ago
• lc / subjs
  Fetches javascript file from a list of URLS or subdomains.
  ☆735Updated last year
• allanlw / svg-cheatsheet
  A cheatsheet for exploiting server-side SVG processors.
  ☆672Updated 4 years ago
• bing0o / SubEnum
  bash script for Subdomain Enumeration
  ☆302Updated 11 months ago
• filedescriptor / untrusted-types
  ☆647Updated 2 years ago
• KathanP19 / Gxss
  A tool to check a bunch of URLs that contain reflecting params.
  ☆526Updated last month
• trickest / resolvers
  The most exhaustive list of reliable DNS resolvers.
  ☆662Updated this week
• robre / jsmon
  a javascript change monitoring tool for bugbounties
  ☆581Updated last month
• devanshbatham / OpenRedireX
  A fuzzer for detecting open redirect vulnerabilities
  ☆691Updated 2 months ago
• assetnote / surf
  Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …
  ☆524Updated 9 months ago
• KathanP19 / JSFScan.sh
  Automation for javascript recon in bug bounty.
  ☆886Updated last year
• glebarez / cero
  Scrape domain names from SSL certificates of arbitrary hosts
  ☆596Updated 5 months ago
• trufflesecurity / Trufflehog-Chrome-Extension
  ☆363Updated 2 years ago
• vortexau / dnsvalidator
  Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
  ☆640Updated 8 months ago
• mazen160 / jwt-pwn
  Security Testing Scripts for JWT
  ☆305Updated 2 years ago
• R0X4R / Garud
  An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and…
  ☆771Updated last year
• honoki / bbrf-client
  The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
  ☆608Updated 5 months ago
• hakluke / hakcheckurl
  Takes a list of URLs and returns their HTTP response codes
  ☆386Updated 11 months ago
• mazen160 / xless
  The Serverless Blind XSS App
  ☆328Updated 5 months ago
• PentestPad / subzy
  Subdomain takeover vulnerability checker
  ☆977Updated last week
• harsh-bothra / Bheem
  ☆365Updated 3 years ago
• ArturSS7 / TukTuk
  Tool for catching and logging different types of requests.
  ☆217Updated 3 years ago
• visma-prodsec / confused
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆687Updated last month
• ghsec / webHunt
  Web App bug hunting
  ☆549Updated 3 months ago
• s0md3v / Parth
  Heuristic Vulnerable Parameter Scanner
  ☆562Updated 8 months ago