ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. It crawls a target website, extracts GET parameters, and tests them for reflected input. The tool helps bug bounty hunters and penetration testers quickly identify potential reflected XSS flaws, offering fast and reliable results.
☆63Feb 22, 2025Updated last year
Alternatives and similar repositories for ex-param
Users that are interested in ex-param are comparing it to the libraries listed below
Sorting:
- ParamScan is a chrome extension for finding reflected parameters in a webpage.☆92Jan 11, 2025Updated last year
- SubOwner - A Simple tool check for subdomain takeovers.☆116Oct 18, 2024Updated last year
- Find subdomains on GitLab.☆107Apr 28, 2024Updated last year
- A high-performance Go-based tool for checking the availability and responsiveness of domains, utilizing both HTTP requests and browser au…☆92Nov 26, 2024Updated last year
- ☆42Jul 31, 2024Updated last year
- ☆14Nov 8, 2024Updated last year
- Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges☆44Oct 27, 2024Updated last year
- ☆13Dec 21, 2023Updated 2 years ago
- 🌐 Get Some Useful Info From Domain/IP/ASN 🔥☆19Sep 29, 2024Updated last year
- A passive way to find backups/ sensitive information.☆89Jul 10, 2025Updated 8 months ago
- ☆18Jul 21, 2025Updated 7 months ago
- Extractify extension is a Chrome extension designed for web security testing, enabling users to efficiently extract JavaScript files and …☆30Dec 10, 2024Updated last year
- Dnsbruter is a powerful tool designed to perform active subdomain enumeration and discovery. It uses DNS resolution to efficiently brutef…☆125Dec 17, 2024Updated last year
- N0aziXss Origin Recon 🍓☆23Dec 16, 2025Updated 3 months ago
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th…☆265Jul 6, 2025Updated 8 months ago
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated last year
- Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulat…☆202May 22, 2025Updated 9 months ago
- Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments☆12Nov 23, 2023Updated 2 years ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆44Feb 24, 2025Updated last year
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body☆36Dec 13, 2025Updated 3 months ago
- A fast subdomain takeover tool☆86Nov 10, 2023Updated 2 years ago
- A collaborative hub for Nuclei templates. Contribute, share, and explore powerful vulnerability detection tools!☆50Feb 1, 2025Updated last year
- Enter Morpheus, your advanced IOC detection tool. Powered by expert YARA rules and integrated with VirusTotal, it scans and identifies In…☆54Feb 12, 2025Updated last year
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆21Aug 25, 2024Updated last year
- Continues Recon on Public Bug Bounty Program☆16Jun 19, 2024Updated last year
- jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying se…☆497Jan 22, 2026Updated last month
- IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applicatio…☆221Sep 25, 2025Updated 5 months ago
- GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.☆271Dec 23, 2024Updated last year
- SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.☆191Mar 18, 2025Updated last year
- URL Fuzzing Tool.☆28Apr 21, 2025Updated 10 months ago
- ☆15Jun 23, 2023Updated 2 years ago
- Proxy Management for Security Professionals☆24Mar 25, 2025Updated 11 months ago
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆311Mar 31, 2024Updated last year
- Exploits with pwntools library in Python3. ROP, BOF, SHELLCODE.☆20Feb 2, 2024Updated 2 years ago
- SubCerts is a simple tool that uses certificate transparency logs (via crt.sh) to extract subdomains of a given domain.☆75Jan 6, 2026Updated 2 months ago
- Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection☆14Nov 1, 2024Updated last year
- Url scrapper or extractor from alienvault☆38Mar 1, 2025Updated last year
- Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to collect old directories and paths for any domain whi…☆234Nov 21, 2025Updated 3 months ago
- BetterBugBounty - Here tools are classic, bugs are hunted, and nostalgia is the ultimate weapon!☆29Feb 10, 2024Updated 2 years ago