A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
☆102Mar 5, 2025Updated 11 months ago
Alternatives and similar repositories for fuzzlists
Users that are interested in fuzzlists are comparing it to the libraries listed below
Sorting:
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body☆36Dec 13, 2025Updated 2 months ago
- A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the giv…☆116Sep 19, 2023Updated 2 years ago
- Hand-made Improved Nuclei Templates!🪴☆13Jun 12, 2023Updated 2 years ago
- Template Nuclei SSTI☆34Nov 18, 2025Updated 3 months ago
- This tool is intended for bounty hunters, the script installs and launches the best set of tools for expanding the attack surface, for W…☆12Apr 22, 2024Updated last year
- A command-line utility designed to recursively spider webpages for URLs. It works by actively traversing websites - following links embed…☆103Dec 8, 2025Updated 2 months ago
- WordPress version scanner written in Python.☆15Jun 18, 2024Updated last year
- A python-based vulnerability scanner designed to identify open redirect flaws in website applications.☆20Apr 24, 2025Updated 10 months ago
- ☆20Apr 5, 2023Updated 2 years ago
- Ollama AI Analyzer runs directly on your local computer, using Ollama's AI models to analyze your HTTP requests and responses. This means…☆32Mar 1, 2025Updated 11 months ago
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆309Mar 31, 2024Updated last year
- Chameleon Wordlists☆15Sep 13, 2022Updated 3 years ago
- ☆29May 22, 2024Updated last year
- OpenSSH Pre-Auth Double Free CVE-2023-25136 POC☆47Apr 21, 2023Updated 2 years ago
- 🕵️♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.☆54May 14, 2023Updated 2 years ago
- SidePeek.js is a curated set of JavaScript payloads for browser-based recon. Run them in DevTools or as bookmarklets to uncover hidden AP…☆21May 13, 2025Updated 9 months ago
- Every Nuclei template that has ever appeared on Github☆35Jun 2, 2022Updated 3 years ago
- 1337 Wordlists for Bug Bounty Hunting☆931Updated this week
- Extracts URLs from OSINT Archives for Security Insights☆176Updated this week
- Writeup finder from medium or other☆22Sep 11, 2024Updated last year
- MacroExploit use in excel sheet☆20Jun 12, 2023Updated 2 years ago
- Nuclei Templates☆14Jan 13, 2023Updated 3 years ago
- Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist☆416Aug 25, 2024Updated last year
- ☆628Dec 19, 2025Updated 2 months ago
- xsschecker tests endpoints for reflected XSS by injecting payloads and checking responses. It prints vulnerable if the payload is reflect…☆36Nov 3, 2025Updated 3 months ago
- Attempt zone transfers on domains☆18Jul 12, 2021Updated 4 years ago
- Python tool to generate crafted JWTs, exploiting the algorithm confusion vulnerability in JWT signature validation. Useful for security …☆25Mar 22, 2025Updated 11 months ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆43Feb 24, 2025Updated last year
- An XSS exploitation command-line interface and payload generator.☆1,413Jan 19, 2025Updated last year
- An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms.☆212Apr 21, 2025Updated 10 months ago
- A small tool to unmap PE memory dumps.☆11Nov 9, 2023Updated 2 years ago
- ☆45Mar 5, 2025Updated 11 months ago
- WebAnalyzer is a versatile tool for comprehensive domain analysis. It provides insights into WHOIS data, DNS records, subdomains, SEO, we…☆13Oct 6, 2025Updated 4 months ago
- CVE-2022-41040 nuclei template☆19Oct 2, 2022Updated 3 years ago
- Online-Crawler-Wayback-Machine☆27Oct 15, 2024Updated last year
- i will upload more templates here to share with the comunity.☆567Apr 17, 2024Updated last year
- Automated HTTP Request Repeating With Burp Suite☆40Apr 3, 2023Updated 2 years ago
- A powerful and clean bash script to dump and extract information from Project Discovery's Chaos Project https://chaos.projectdiscovery.io…☆25Mar 31, 2022Updated 3 years ago
- CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script w…☆24Mar 18, 2023Updated 2 years ago