mzfr/liffy

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mzfr/liffy)

mzfr / liffy

Local file inclusion exploitation tool

☆929

Alternatives and similar repositories for liffy

Users that are interested in liffy are comparing it to the libraries listed below

Sorting:

D35m0nd142 / LFISuite
View on GitHub
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
☆1,914Apr 13, 2022Updated 3 years ago
OsandaMalith / LFiFreak
View on GitHub
A unique automated LFi Exploiter with Bind/Reverse Shells
☆299Jun 25, 2015Updated 10 years ago
devanshbatham / OpenRedireX
View on GitHub
A fuzzer for detecting open redirect vulnerabilities
☆782Jul 1, 2024Updated last year
swisskyrepo / SSRFmap
View on GitHub
Automatic SSRF fuzzer and exploitation tool
☆3,489Sep 4, 2025Updated 6 months ago
r0075h3ll / Oralyzer
View on GitHub
Open Redirection Analyzer
☆813Mar 5, 2023Updated 3 years ago
almandin / fuxploider
View on GitHub
File upload vulnerability scanner and exploitation tool.
☆3,300May 8, 2025Updated 9 months ago
hansmach1ne / LFImap
View on GitHub
Local File Inclusion discovery and exploitation tool
☆330Dec 31, 2024Updated last year
teknogeek / ssrf-sheriff
View on GitHub
A simple SSRF-testing sheriff written in Go
☆336Oct 31, 2024Updated last year
enjoiz / XXEinjector
View on GitHub
Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
☆1,716Dec 1, 2024Updated last year
ksharinarayanan / SSRFire
View on GitHub
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
☆970Dec 8, 2021Updated 4 years ago
0xInfection / XSRFProbe
View on GitHub
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
☆1,281Feb 10, 2026Updated 3 weeks ago
dwisiswant0 / findom-xss
View on GitHub
A fast DOM based XSS vulnerability scanner with simplicity.
☆855Sep 30, 2022Updated 3 years ago
devanshbatham / FavFreak
View on GitHub
Making Favicon.ico based Recon Great again !
☆1,266Aug 29, 2023Updated 2 years ago
sa7mon / S3Scanner
View on GitHub
Scan for misconfigured S3 buckets across S3-compatible APIs!
☆2,998Dec 11, 2025Updated 2 months ago
chrispetrou / FDsploit
View on GitHub
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
☆272Mar 24, 2021Updated 4 years ago
KathanP19 / JSFScan.sh
View on GitHub
Automation for javascript recon in bug bounty.
☆1,069Sep 9, 2023Updated 2 years ago
PentestPad / subzy
View on GitHub
Subdomain takeover vulnerability checker
☆1,525Sep 10, 2024Updated last year
luisfontes19 / xxexploiter
View on GitHub
Tool to help exploit XXE vulnerabilities
☆592Feb 4, 2023Updated 3 years ago
devanshbatham / ParamSpider
View on GitHub
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
☆3,012Jun 24, 2024Updated last year
s0md3v / Arjun
View on GitHub
HTTP parameter discovery suite.
☆6,109Feb 20, 2025Updated last year
s0md3v / Corsy
View on GitHub
CORS Misconfiguration Scanner
☆1,505Sep 17, 2022Updated 3 years ago
jaeles-project / jaeles
View on GitHub
The Swiss Army knife for automated Web Application Testing
☆2,323May 8, 2024Updated last year
xnl-h4ck3r / xnLinkFinder
View on GitHub
A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
☆1,529Jan 15, 2026Updated last month
dwisiswant0 / crlfuzz
View on GitHub
A fast tool to scan CRLF vulnerability written in Go
☆1,520Feb 23, 2026Updated last week
pwnfoo / NTLMRecon
View on GitHub
Enumerate information from NTLM authentication enabled web endpoints 🔎
☆504Sep 23, 2025Updated 5 months ago
SpiderLabs / HostHunter
View on GitHub
HostHunter a recon tool for discovering hostnames using OSINT techniques.
☆1,156Mar 30, 2023Updated 2 years ago
kurobeats / fimap
View on GitHub
fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion b…
☆582Sep 12, 2022Updated 3 years ago
initstring / cloud_enum
View on GitHub
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
☆2,029Jul 12, 2025Updated 7 months ago
swisskyrepo / GraphQLmap
View on GitHub
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
☆1,631Mar 11, 2024Updated last year
vladko312 / SSTImap
View on GitHub
Automatic SSTI detection tool with interactive interface
☆1,390Jan 17, 2026Updated last month
m4ll0k / Atlas
View on GitHub
Quick SQLMap Tamper Suggester
☆1,397Jul 18, 2022Updated 3 years ago
epinna / tplmap
View on GitHub
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
☆4,123Apr 21, 2024Updated last year
m8sec / subscraper
View on GitHub
Subdomain and target enumeration tool built for offensive security testing
☆936Jun 19, 2024Updated last year
hakluke / weaponised-XSS-payloads
View on GitHub
XSS payloads designed to turn alert(1) into P1
☆1,392Sep 12, 2023Updated 2 years ago
0xsha / GoLinkFinder
View on GitHub
A fast and minimal JS endpoint extractor
☆387Nov 10, 2024Updated last year
MindPatch / lorsrf
View on GitHub
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load
☆297Sep 22, 2024Updated last year
hahwul / dalfox
View on GitHub
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
☆4,859Updated this week
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,106Apr 29, 2024Updated last year
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,294Apr 13, 2024Updated last year