nxenon/h2spacex

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nxenon/h2spacex)

nxenon / h2spacex

HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks

☆219

Alternatives and similar repositories for h2spacex

Users that are interested in h2spacex are comparing it to the libraries listed below

Sorting:

bahruzjabiyev / gudifu-fuzzer
View on GitHub
Guided Differential Fuzzing for HTTP Request Parsing Discrepancies
☆20Apr 11, 2024Updated last year
Ry0taK / first-sequence-sync
View on GitHub
☆36Jun 21, 2024Updated last year
kevin-mizu / domloggerpp
View on GitHub
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
☆777Dec 9, 2025Updated 3 months ago
narfindustries / http-garden
View on GitHub
Differential testing framework for HTTP implementations
☆926Jan 21, 2026Updated last month
AethliosIK / reset-tolkien
View on GitHub
Unsecure time-based secret exploitation and Sandwich attack implementation Resources
☆149Dec 9, 2024Updated last year
PortSwigger / splitting-the-email-atom
View on GitHub
☆93Dec 4, 2025Updated 3 months ago
nxenon / cve-2023-44487
View on GitHub
Examples for Implementing cve-2023-44487 ( HTTP/2 Rapid Reset Attack ) Concept
☆14Nov 10, 2023Updated 2 years ago
0xacb / recollapse
View on GitHub
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
☆1,293Aug 7, 2025Updated 7 months ago
intruder-io / guidtool
View on GitHub
A tool to inspect and attack version 1 GUIDs
☆239Oct 13, 2022Updated 3 years ago
thehackerish / GWTab
View on GitHub
BurpSuite extension that helps find user input in a GWT body.
☆12May 29, 2020Updated 5 years ago
assetnote / nowafpls
View on GitHub
Burp Plugin to Bypass WAFs through the insertion of Junk Data
☆1,426Jul 14, 2025Updated 7 months ago
matanber / domlogger-configs
View on GitHub
Useful configurations for the DomLogger++ extension
☆48Sep 7, 2024Updated last year
fransr / postMessage-tracker
View on GitHub
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆1,293Jan 26, 2024Updated 2 years ago
ImAyrix / dorker
View on GitHub
🔎 Dork Generator
☆29Jun 11, 2023Updated 2 years ago
RemmyNine / wordTally
View on GitHub
WordTally is a Python script designed to analyze text files and provide word frequency statistics.
☆15Jul 3, 2023Updated 2 years ago
Osb0rn3 / tldfinder
View on GitHub
TLDFinder is a Python package that identifies valid top-level domains (TLDs) for a list of domains with wildcard characters in the TLD.
☆24Jul 2, 2023Updated 2 years ago
GitHubSecurityLab / ruby-unsafe-deserialization
View on GitHub
Proof of Concepts for unsafe deserialization in Ruby
☆17Oct 17, 2024Updated last year
BishopFox / jsluice
View on GitHub
Extract URLs, paths, secrets, and other interesting bits from JavaScript
☆1,773May 22, 2024Updated last year
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,589Jan 27, 2024Updated 2 years ago
ImAyrix / cut-cdn
View on GitHub
✂️ Removing CDN IPs from the list of IP addresses
☆346Jul 22, 2025Updated 7 months ago
nikitastupin / clairvoyance
View on GitHub
Obtain GraphQL API schema even if the introspection is disabled
☆1,399Dec 5, 2025Updated 3 months ago
jamaledim / Hunt-Setup
View on GitHub
☆20Sep 2, 2024Updated last year
t0xodile / the-single-packet-shovel
View on GitHub
☆21Sep 12, 2025Updated 5 months ago
ambionics / lightyear
View on GitHub
lightyear is a tool to dump files in tedious (blind) conditions using PHP filters
☆112Jun 23, 2025Updated 8 months ago
wrvenkat / burp-multistep-csrf-poc
View on GitHub
Burp extension to generate multi-step CSRF POC.
☆31Sep 23, 2019Updated 6 years ago
nxenon / grpc-pentest-suite
View on GitHub
gRPC-Web Pentesting Suite + Burp Suite Extension / Hack gRPC-Web Applications (Official BApp Extension Available)
☆246Nov 4, 2025Updated 4 months ago
cramppet / regulator
View on GitHub
Automated learning of regexes for DNS discovery
☆390Feb 18, 2023Updated 3 years ago
electro0nes / writeup-finder
View on GitHub
Writeup finder from medium or other
☆22Sep 11, 2024Updated last year
Hackmanit / Web-Cache-Vulnerability-Scanner
View on GitHub
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…
☆1,153Jan 21, 2026Updated last month
securelayer7 / not-a-vuln-list
View on GitHub
Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report
☆14Feb 6, 2025Updated last year
ambionics / scalpel
View on GitHub
Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.
☆68May 31, 2024Updated last year
jackfromeast / dom-clobbering-collection
View on GitHub
A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.
☆48Aug 31, 2025Updated 6 months ago
Josue87 / gotator
View on GitHub
Gotator is a tool to generate DNS wordlists through permutations.
☆507Jul 17, 2022Updated 3 years ago
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆656Jun 29, 2025Updated 8 months ago
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆956Dec 31, 2021Updated 4 years ago
assetnote / h2csmuggler
View on GitHub
☆75Feb 11, 2024Updated 2 years ago
sw33tLie / bbscope
View on GitHub
Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
☆1,313Updated this week
kosmosec / proto-find
View on GitHub
Let's check if your target is vulnerable for client side prototype pollution.
☆65Jan 9, 2024Updated 2 years ago
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,106Apr 29, 2024Updated last year