narfindustries / http-garden
Differential fuzzing REPL for HTTP implementations.
☆697Updated last week
Related projects: ⓘ
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆393Updated last month
- AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,☆550Updated 5 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆524Updated 9 months ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo…☆297Updated 4 months ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,362Updated 3 months ago
- Websec interview questions by tib3rius answered☆298Updated 10 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆840Updated 8 months ago
- Fast and customizable subdomain wordlist generator using DSL☆699Updated this week
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆477Updated this week
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆923Updated 8 months ago
- Burp Plugin to Bypass WAFs through the insertion of Junk Data☆838Updated last month
- ☆189Updated 3 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆333Updated last week
- OXO is a security scanning orchestrator for the modern age.☆517Updated this week
- Attack surface detector that identifies endpoints by static analysis☆555Updated this week
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.☆318Updated 11 months ago
- ☆291Updated last month
- ☆286Updated this week
- Unleash the power of cloud☆710Updated 3 months ago
- PDF Files for Web Pentesting☆411Updated 3 months ago
- 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.☆813Updated 11 months ago
- "Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.☆960Updated 2 weeks ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆535Updated last month
- ☆332Updated 4 months ago
- APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and …☆294Updated last month
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.☆1,010Updated 7 months ago
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic…☆444Updated 5 months ago
- An IIS short filename enumeration tool☆729Updated last month
- The most exhaustive list of reliable DNS resolvers.☆662Updated this week
- Scrape domain names from SSL certificates of arbitrary hosts☆596Updated 5 months ago