Alternatives and similar repositories for liffy

Users that are interested in liffy are comparing it to the libraries listed below

• D35m0nd142 / LFISuite

  View on GitHub
  Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
  ☆1,910Apr 13, 2022Updated 3 years ago
• OsandaMalith / LFiFreak

  View on GitHub
  A unique automated LFi Exploiter with Bind/Reverse Shells
  ☆298Jun 25, 2015Updated 10 years ago
• devanshbatham / OpenRedireX

  View on GitHub
  A fuzzer for detecting open redirect vulnerabilities
  ☆782Jul 1, 2024Updated last year
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,479Sep 4, 2025Updated 5 months ago
• almandin / fuxploider

  View on GitHub
  File upload vulnerability scanner and exploitation tool.
  ☆3,300May 8, 2025Updated 9 months ago
• r0075h3ll / Oralyzer

  View on GitHub
  Open Redirection Analyzer
  ☆811Mar 5, 2023Updated 2 years ago
• hansmach1ne / LFImap

  View on GitHub
  Local File Inclusion discovery and exploitation tool
  ☆330Dec 31, 2024Updated last year
• teknogeek / ssrf-sheriff

  View on GitHub
  A simple SSRF-testing sheriff written in Go
  ☆336Oct 31, 2024Updated last year
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,704Dec 1, 2024Updated last year
• ksharinarayanan / SSRFire

  View on GitHub
  An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
  ☆971Dec 8, 2021Updated 4 years ago
• 0xInfection / XSRFProbe

  View on GitHub
  The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
  ☆1,273Feb 4, 2025Updated last year
• dwisiswant0 / findom-xss

  View on GitHub
  A fast DOM based XSS vulnerability scanner with simplicity.
  ☆849Sep 30, 2022Updated 3 years ago
• devanshbatham / FavFreak

  View on GitHub
  Making Favicon.ico based Recon Great again !
  ☆1,260Aug 29, 2023Updated 2 years ago
• sa7mon / S3Scanner

  View on GitHub
  Scan for misconfigured S3 buckets across S3-compatible APIs!
  ☆2,998Dec 11, 2025Updated 2 months ago
• chrispetrou / FDsploit

  View on GitHub
  File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
  ☆272Mar 24, 2021Updated 4 years ago
• KathanP19 / JSFScan.sh

  View on GitHub
  Automation for javascript recon in bug bounty.
  ☆1,067Sep 9, 2023Updated 2 years ago
• luisfontes19 / xxexploiter

  View on GitHub
  Tool to help exploit XXE vulnerabilities
  ☆587Feb 4, 2023Updated 3 years ago
• devanshbatham / ParamSpider

  View on GitHub
  Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
  ☆2,998Jun 24, 2024Updated last year
• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,086Feb 20, 2025Updated 11 months ago
• s0md3v / Corsy

  View on GitHub
  CORS Misconfiguration Scanner
  ☆1,502Sep 17, 2022Updated 3 years ago
• jaeles-project / jaeles

  View on GitHub
  The Swiss Army knife for automated Web Application Testing
  ☆2,324May 8, 2024Updated last year
• PentestPad / subzy

  View on GitHub
  Subdomain takeover vulnerability checker
  ☆1,513Sep 10, 2024Updated last year
• xnl-h4ck3r / xnLinkFinder

  View on GitHub
  A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
  ☆1,515Jan 15, 2026Updated 3 weeks ago
• dwisiswant0 / crlfuzz

  View on GitHub
  A fast tool to scan CRLF vulnerability written in Go
  ☆1,517Jan 22, 2026Updated 3 weeks ago
• pwnfoo / NTLMRecon

  View on GitHub
  Enumerate information from NTLM authentication enabled web endpoints 🔎
  ☆504Sep 23, 2025Updated 4 months ago
• SpiderLabs / HostHunter

  View on GitHub
  HostHunter a recon tool for discovering hostnames using OSINT techniques.
  ☆1,155Mar 30, 2023Updated 2 years ago
• kurobeats / fimap

  View on GitHub
  fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion b…
  ☆581Sep 12, 2022Updated 3 years ago
• swisskyrepo / GraphQLmap

  View on GitHub
  GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
  ☆1,617Mar 11, 2024Updated last year
• initstring / cloud_enum

  View on GitHub
  Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
  ☆2,012Jul 12, 2025Updated 7 months ago
• m4ll0k / Atlas

  View on GitHub
  Quick SQLMap Tamper Suggester
  ☆1,391Jul 18, 2022Updated 3 years ago
• vladko312 / SSTImap

  View on GitHub
  Automatic SSTI detection tool with interactive interface
  ☆1,357Jan 17, 2026Updated 3 weeks ago
• m8sec / subscraper

  View on GitHub
  Subdomain and target enumeration tool built for offensive security testing
  ☆933Jun 19, 2024Updated last year
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,117Apr 21, 2024Updated last year
• hakluke / weaponised-XSS-payloads

  View on GitHub
  XSS payloads designed to turn alert(1) into P1
  ☆1,388Sep 12, 2023Updated 2 years ago
• 0xsha / GoLinkFinder

  View on GitHub
  A fast and minimal JS endpoint extractor
  ☆388Nov 10, 2024Updated last year
• MindPatch / lorsrf

  View on GitHub
  Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load
  ☆297Sep 22, 2024Updated last year
• hahwul / dalfox

  View on GitHub
  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  ☆4,835Updated this week
• assetnote / kiterunner

  View on GitHub
  Contextual Content Discovery Tool
  ☆3,085Apr 29, 2024Updated last year
• Sh1Yo / x8

  View on GitHub
  Hidden parameters discovery suite
  ☆2,017Sep 8, 2024Updated last year