nccgroup/singularity

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nccgroup/singularity)

nccgroup / singularity

A DNS rebinding attack framework.

☆1,263

Alternatives and similar repositories for singularity

Users that are interested in singularity are comparing it to the libraries listed below

Sorting:

FSecureLABS / dref
View on GitHub
DNS Rebinding Exploitation Framework
☆493Apr 27, 2021Updated 4 years ago
brannondorsey / dns-rebind-toolkit
View on GitHub
A front-end JavaScript toolkit for creating DNS rebinding attacks.
☆500Oct 2, 2021Updated 4 years ago
brannondorsey / whonow
View on GitHub
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
☆655Dec 17, 2021Updated 4 years ago
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,483Oct 12, 2024Updated last year
jmdx / TLS-poison
View on GitHub
☆707Nov 27, 2024Updated last year
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,584Jan 27, 2024Updated 2 years ago
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆952Dec 31, 2021Updated 4 years ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 4 years ago
swisskyrepo / SSRFmap
View on GitHub
Automatic SSRF fuzzer and exploitation tool
☆3,487Sep 4, 2025Updated 5 months ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,674Dec 23, 2024Updated last year
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
nccgroup / freddy
View on GitHub
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
☆584Sep 7, 2021Updated 4 years ago
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,302Apr 18, 2023Updated 2 years ago
msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆523Sep 17, 2022Updated 3 years ago
makuga01 / dnsFookup
View on GitHub
DNS rebinding toolkit
☆253May 22, 2023Updated 2 years ago
epinna / tplmap
View on GitHub
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
☆4,120Apr 21, 2024Updated last year
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,164May 26, 2023Updated 2 years ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆648Feb 21, 2024Updated 2 years ago
michenriksen / aquatone
View on GitHub
A Tool for Domain Flyovers
☆5,906May 22, 2022Updated 3 years ago
0xacb / viewgen
View on GitHub
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
☆659Feb 1, 2025Updated last year
ambionics / phpggc
View on GitHub
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
☆3,753Sep 29, 2025Updated 5 months ago
taviso / rbndr
View on GitHub
Simple DNS Rebinding Service
☆726Jan 16, 2020Updated 6 years ago
ssl / ezXSS
View on GitHub
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
☆2,244Jan 8, 2026Updated last month
doyensec / inql
View on GitHub
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
☆1,737Feb 16, 2026Updated last week
daeken / httprebind
View on GitHub
Automatic tool for DNS rebinding-based SSRF attacks
☆304Aug 21, 2020Updated 5 years ago
BishopFox / eyeballer
View on GitHub
Convolutional neural network for analyzing pentest screenshots
☆1,278Feb 19, 2024Updated 2 years ago
PortSwigger / http-request-smuggler
View on GitHub
☆1,187Jan 21, 2026Updated last month
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
sensepost / ruler
View on GitHub
A tool to abuse Exchange services
☆2,300Jun 10, 2024Updated last year
s0md3v / Arjun
View on GitHub
HTTP parameter discovery suite.
☆6,091Feb 20, 2025Updated last year
infosec-au / altdns
View on GitHub
Generates permutations, alterations and mutations of subdomains and then resolves them
☆2,474Jan 9, 2025Updated last year
ticarpi / jwt_tool
View on GitHub
A toolkit for testing, tweaking and cracking JSON Web Tokens
☆6,389May 1, 2025Updated 9 months ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆445Sep 7, 2022Updated 3 years ago
EdOverflow / can-i-take-over-xyz
View on GitHub
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
☆5,565Feb 8, 2025Updated last year
haccer / subjack
View on GitHub
Subdomain Takeover tool written in Go
☆2,028Aug 13, 2023Updated 2 years ago
filedescriptor / untrusted-types
View on GitHub
☆694Jul 4, 2022Updated 3 years ago
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,286Apr 13, 2024Updated last year
yassineaboukir / sublert
View on GitHub
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…
☆1,028Feb 5, 2021Updated 5 years ago
lgandx / Responder
View on GitHub
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv…
☆6,336Jan 26, 2026Updated last month