ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. It crawls a target website, extracts GET parameters, and tests them for reflected input. The tool helps bug bounty hunters and penetration testers quickly identify potential reflected XSS flaws, offering fast and reliable results.
☆63Feb 22, 2025Updated last year
Alternatives and similar repositories for ex-param
Users that are interested in ex-param are comparing it to the libraries listed below
Sorting:
- ParamScan is a chrome extension for finding reflected parameters in a webpage.☆92Jan 11, 2025Updated last year
- SubOwner - A Simple tool check for subdomain takeovers.☆116Oct 18, 2024Updated last year
- ☆14Nov 8, 2024Updated last year
- ☆42Jul 31, 2024Updated last year
- A high-performance Go-based tool for checking the availability and responsiveness of domains, utilizing both HTTP requests and browser au…☆92Nov 26, 2024Updated last year
- ☆13Dec 21, 2023Updated 2 years ago
- Find subdomains on GitLab.☆106Apr 28, 2024Updated last year
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th…☆262Jul 6, 2025Updated 7 months ago
- Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection☆13Nov 1, 2024Updated last year
- Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges☆44Oct 27, 2024Updated last year
- A passive way to find backups/ sensitive information.☆87Jul 10, 2025Updated 7 months ago
- Dnsbruter is a powerful tool designed to perform active subdomain enumeration and discovery. It uses DNS resolution to efficiently brutef…☆125Dec 17, 2024Updated last year
- Enter Morpheus, your advanced IOC detection tool. Powered by expert YARA rules and integrated with VirusTotal, it scans and identifies In…☆54Feb 12, 2025Updated last year
- SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.☆190Mar 18, 2025Updated 11 months ago
- Extractify extension is a Chrome extension designed for web security testing, enabling users to efficiently extract JavaScript files and …☆30Dec 10, 2024Updated last year
- N0aziXss Origin Recon 🍓☆23Dec 16, 2025Updated 2 months ago
- Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulat…☆199May 22, 2025Updated 9 months ago
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body☆36Dec 13, 2025Updated 2 months ago
- Burp extension used to snip any header from all the requests.☆23Nov 12, 2023Updated 2 years ago
- 🌐 Get Some Useful Info From Domain/IP/ASN 🔥☆18Sep 29, 2024Updated last year
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated 11 months ago
- Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments☆12Nov 23, 2023Updated 2 years ago
- Detect SSRF within Caido☆47Feb 20, 2026Updated last week
- Exploits with pwntools library in Python3. ROP, BOF, SHELLCODE.☆20Feb 2, 2024Updated 2 years ago
- A fast subdomain takeover tool☆85Nov 10, 2023Updated 2 years ago
- Url scrapper or extractor from alienvault☆38Mar 1, 2025Updated 11 months ago
- IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applicatio…☆218Sep 25, 2025Updated 5 months ago
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆309Mar 31, 2024Updated last year
- This is a useful Python script for extracting bug bounty or any other write-ups from every RSS.☆141Nov 21, 2025Updated 3 months ago
- GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.☆267Dec 23, 2024Updated last year
- A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods…☆120Nov 11, 2024Updated last year
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆21Aug 25, 2024Updated last year
- Burp Suite extension that makes your life easier by tucking the headers out of the way, so you can see the body content right away withou…☆39Oct 23, 2023Updated 2 years ago
- SNMP Bash Script to discover valid community strings, dump basic information, check for write permission and check for RCE.☆11Apr 27, 2024Updated last year
- ☆15Jun 23, 2023Updated 2 years ago
- jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying se…☆489Jan 22, 2026Updated last month
- Unauthorized Docker Exploitation Tool☆37Dec 24, 2023Updated 2 years ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆43Feb 24, 2025Updated last year
- SubCerts is a simple tool that uses certificate transparency logs (via crt.sh) to extract subdomains of a given domain.☆75Jan 6, 2026Updated last month