Alternatives and similar repositories for sh00t

Users that are interested in sh00t are comparing it to the libraries listed below

• TheTwitchy / xxer

  View on GitHub
  A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
  ☆518Jul 29, 2020Updated 5 years ago
• yaseng / yafinger

  View on GitHub
  yet another web fingerprinter
  ☆14Nov 30, 2017Updated 8 years ago
• YalcinYolalan / WSSAT

  View on GitHub
  WEB SERVICE SECURITY ASSESSMENT TOOL
  ☆390Sep 24, 2021Updated 4 years ago
• Tw1sm / nessporter

  View on GitHub
  Assists in mass exportation of Nessus scans
  ☆20Apr 20, 2018Updated 7 years ago
• mseclab / Burp-PyJFuzz

  View on GitHub
  Burp Suite plugin which implement PyJFuzz for fuzzing web application.
  ☆56Apr 10, 2017Updated 8 years ago
• Abacus-Group-RTO / legion

  View on GitHub
  Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, recon…
  ☆1,054Nov 4, 2024Updated last year
• yassineaboukir / sublert

  View on GitHub
  Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…
  ☆1,028Feb 5, 2021Updated 5 years ago
• welchbj / bscan

  View on GitHub
  an asynchronous target enumeration tool
  ☆245Dec 8, 2022Updated 3 years ago
• jeffzh3ng / fuxi

  View on GitHub
  Penetration Testing Platform
  ☆1,350Jul 6, 2022Updated 3 years ago
• RhinoSecurityLabs / SleuthQL

  View on GitHub
  Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
  ☆470Nov 14, 2019Updated 6 years ago
• archerysec / archerysec

  View on GitHub
  ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
  ☆2,435Jun 11, 2025Updated 8 months ago
• yaap7 / miSCripts

  View on GitHub
  miscellaneous scripts mostly created for pentest purposes at first, but then for various IT tasks
  ☆22Jun 30, 2025Updated 7 months ago
• WebBreacher / offensiveinterview

  View on GitHub
  Interview questions to screen offensive (red team/pentest) candidates
  ☆889Mar 6, 2019Updated 6 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,771Apr 26, 2024Updated last year
• NetsOSS / headless-burp

  View on GitHub
  Automate security tests using Burp Suite.
  ☆233Jun 12, 2024Updated last year
• praetorian-inc / purple-team-attack-automation

  View on GitHub
  Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
  ☆728Jan 21, 2020Updated 6 years ago
• dxa4481 / cssInjection

  View on GitHub
  Stealing CSRF tokens with CSS injection (without iFrames)
  ☆323Feb 7, 2018Updated 8 years ago
• xorrior / raven

  View on GitHub
  CobaltStrike External C2 for Websockets
  ☆197Jul 16, 2019Updated 6 years ago
• FallenGaven / AWVS11_Python3

  View on GitHub
  之前做系统，要对接AWVS11，写了一个可以python3的调用文档，感兴趣的可以看看
  ☆11Dec 6, 2017Updated 8 years ago
• incredibleindishell / exploit-code-by-me

  View on GitHub
  Exploit code developed/reproduced by me
  ☆90Jan 25, 2023Updated 3 years ago
• jiangsir404 / wam-monitor

  View on GitHub
  对一些开源cms官网的更新，github commit进行监控的工具
  ☆11Dec 27, 2018Updated 7 years ago
• evait-security / envizon

  View on GitHub
  network visualization & pentest reporting
  ☆531May 2, 2023Updated 2 years ago
• nccgroup / freddy

  View on GitHub
  Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
  ☆584Sep 7, 2021Updated 4 years ago
• SecurityPaper / mail_fishing

  View on GitHub
  甲方安全工程师必备，内部钓鱼系统
  ☆230Jan 15, 2022Updated 4 years ago
• Leviathan36 / kaboom

  View on GitHub
  A tool to automate penetration tests
  ☆382Mar 9, 2024Updated last year
• rfunix / Pompem

  View on GitHub
  Find exploit tool
  ☆1,023Aug 30, 2022Updated 3 years ago
• bit4woo / domain_hunter

  View on GitHub
  A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或…
  ☆675Jul 16, 2023Updated 2 years ago
• TKCERT / mail-security-tester

  View on GitHub
  A testing framework for mail security and filtering solutions.
  ☆245Jul 24, 2023Updated 2 years ago
• baguswiratmaadi / reverie

  View on GitHub
  Automated Pentest Tools Designed For Parrot Linux
  ☆84Apr 23, 2019Updated 6 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,484Oct 12, 2024Updated last year
• ZH3FENG / Weblogic_SSRF

  View on GitHub
  A pyhon script to do port scan via weblogic uuid
  ☆10Oct 1, 2020Updated 5 years ago
• sickuritywizard / recon-007

  View on GitHub
  Bug Bounty tool to automate the recon process.
  ☆12Oct 4, 2023Updated 2 years ago
• Lucifer1993 / struts-scan

  View on GitHub
  Python2编写的struts2漏洞全版本检测和利用工具
  ☆1,420May 7, 2019Updated 6 years ago
• no0be / DNSlivery

  View on GitHub
  Easy files and payloads delivery over DNS
  ☆424Jan 3, 2026Updated last month
• fcavallarin / htcap

  View on GitHub
  htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
  ☆625Oct 11, 2021Updated 4 years ago
• kmkz / Pentesting

  View on GitHub
  Tricks for penetration testing
  ☆581Updated this week
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,704Dec 1, 2024Updated last year
• hahwul / a2sv

  View on GitHub
  Auto Scanning to SSL Vulnerability
  ☆633Dec 12, 2020Updated 5 years ago
• knownsec / wam

  View on GitHub
  Web App Monitor
  ☆228Sep 20, 2018Updated 7 years ago