nexxai / Substr3amView external linksLinks
Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued
☆68Oct 11, 2022Updated 3 years ago
Alternatives and similar repositories for Substr3am
Users that are interested in Substr3am are comparing it to the libraries listed below
Sorting:
- A notification script to help with Recon Stuff☆14Jun 8, 2021Updated 4 years ago
- This extension provides a central location for viewing all GraphQL requests/responses within a Burp project. It provides a clean UI that …☆15Feb 24, 2022Updated 3 years ago
- Parallelized enumeration tool for red team engagements and bug bounty programs.☆16Mar 31, 2021Updated 4 years ago
- all manner of wordlists☆24Jan 19, 2022Updated 4 years ago
- 4xxbypass☆67Mar 29, 2021Updated 4 years ago
- Push notifications to Slack channel or to custom server based on BurpSuite response conditions.☆17Nov 26, 2020Updated 5 years ago
- A bash script that automates the scanning of a target network for HTTP resources through XXE☆37Dec 2, 2020Updated 5 years ago
- Built on a lazy Sunday after seeing this tweet (https://twitter.com/intigriti/status/1272145863868104705?s=20) I present to you, Paramete…☆51Jun 14, 2020Updated 5 years ago
- A simple tool to detect wildcards domain based on Amass's wildcards detector.☆65Apr 13, 2021Updated 4 years ago
- A simple script to check for insecurely exposed git repositories.☆12Mar 17, 2019Updated 6 years ago
- Bug Bounty tool to automate the recon process.☆12Oct 4, 2023Updated 2 years ago
- An another JWT cracker but really fast!☆11Jan 26, 2023Updated 3 years ago
- Customisable and automated HTTP header injection☆271Jun 27, 2024Updated last year
- Reestructured LemonBooster.☆47Jul 26, 2024Updated last year
- Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the …☆52Jul 14, 2021Updated 4 years ago
- Subvenkon is a subdomain enumerator from Venkon☆23Jun 22, 2020Updated 5 years ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…☆173Nov 11, 2020Updated 5 years ago
- 0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover☆57Dec 15, 2020Updated 5 years ago
- A Web-UI for subdomain enumeration (subfinder)☆56Jun 5, 2020Updated 5 years ago
- leaking net-ntlm with webdav☆26Feb 23, 2021Updated 4 years ago
- SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.☆38Mar 7, 2021Updated 4 years ago
- Make exploiting race conditions in web applications highly efficient and ease-of-use.☆27Jun 18, 2025Updated 7 months ago
- #JavascriptRecon #bugbounty☆21Aug 18, 2021Updated 4 years ago
- ☆16Mar 29, 2024Updated last year
- Generative web directory fuzzer,crawling and subdomain checker based on chatgpt☆16May 15, 2024Updated last year
- jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()…☆11Apr 9, 2021Updated 4 years ago
- A Python script to extract the list of users of a GiTea instance, unauthenticated or authenticated.☆15Feb 11, 2025Updated last year
- Another Subdomain ENumeration Tool☆13Oct 15, 2022Updated 3 years ago
- 🐰 Managing command snippets for hackers/bug bounty hunters. with pet.☆106May 6, 2023Updated 2 years ago
- ☆17Feb 4, 2020Updated 6 years ago
- 🗺 Convert nmap XML output to beautiful JSON☆16Mar 17, 2023Updated 2 years ago
- qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.☆30May 6, 2020Updated 5 years ago
- Command line tool for testing CRLF injection on a list of domains.☆166Apr 14, 2024Updated last year
- automated web assets enumeration & scanning [DEPRECATED]☆288Mar 7, 2023Updated 2 years ago
- Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.☆62Nov 29, 2022Updated 3 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Security tool (now AI powered 🤖) to find potential vulnerable Server Side Request Forgery (SSRF) parameters.☆353Jan 29, 2026Updated 2 weeks ago
- A golang utility to spider through a website searching for additional links.☆343Nov 7, 2020Updated 5 years ago
- This tool aims at accumulating javascript files from a given set of subdomains to discover hidden endpoints. It swims through JS files to…☆49Dec 28, 2022Updated 3 years ago