ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. It crawls a target website, extracts GET parameters, and tests them for reflected input. The tool helps bug bounty hunters and penetration testers quickly identify potential reflected XSS flaws, offering fast and reliable results.
☆61Feb 22, 2025Updated last year
Alternatives and similar repositories for ex-param
Users that are interested in ex-param are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ParamScan is a chrome extension for finding reflected parameters in a webpage.☆92Jan 11, 2025Updated last year
- SubOwner - A Simple tool check for subdomain takeovers.☆118Oct 18, 2024Updated last year
- Find subdomains on GitLab.☆106Apr 28, 2024Updated 2 years ago
- A high-performance Go-based tool for checking the availability and responsiveness of domains, utilizing both HTTP requests and browser au…☆92Nov 26, 2024Updated last year
- ☆51Jul 31, 2024Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- ☆14Nov 8, 2024Updated last year
- Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges☆43Oct 27, 2024Updated last year
- ☆13Dec 21, 2023Updated 2 years ago
- A passive way to find backups/ sensitive information.☆92Jul 10, 2025Updated 11 months ago
- ☆17Jul 21, 2025Updated 10 months ago
- Extractify extension is a Chrome extension designed for web security testing, enabling users to efficiently extract JavaScript files and …☆30Dec 10, 2024Updated last year
- Dnsbruter is a powerful tool designed to perform active subdomain enumeration and discovery. It uses DNS resolution to efficiently brutef…☆126Dec 17, 2024Updated last year
- N0aziXss Origin Recon 🍓☆22Dec 16, 2025Updated 6 months ago
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th…☆266May 17, 2026Updated last month
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulat…☆211May 22, 2025Updated last year
- Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments☆12Nov 23, 2023Updated 2 years ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆45Feb 24, 2025Updated last year
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body☆36Apr 9, 2026Updated 2 months ago
- A collaborative hub for Nuclei templates. Contribute, share, and explore powerful vulnerability detection tools!☆49Feb 1, 2025Updated last year
- A fast subdomain takeover tool☆87May 21, 2026Updated 3 weeks ago
- Enter Morpheus, your advanced IOC detection tool. Powered by expert YARA rules and integrated with VirusTotal, it scans and identifies In…☆53Feb 12, 2025Updated last year
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆21Aug 25, 2024Updated last year
- Continues Recon on Public Bug Bounty Program☆15Jun 19, 2024Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying se…☆524May 16, 2026Updated last month
- IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applicatio…☆231Sep 25, 2025Updated 8 months ago
- GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.☆284Dec 23, 2024Updated last year
- SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.☆194Mar 18, 2025Updated last year
- ☆16Jun 23, 2023Updated 2 years ago
- URL Fuzzing Tool.☆27Apr 21, 2025Updated last year
- Proxy Management for Security Professionals☆24Mar 25, 2025Updated last year
- Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers☆313Mar 31, 2024Updated 2 years ago
- Exploits with pwntools library in Python3. ROP, BOF, SHELLCODE.☆20Feb 2, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- SubCerts is a simple tool that uses certificate transparency logs (via crt.sh) to extract subdomains of a given domain.☆75Jan 6, 2026Updated 5 months ago
- Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection☆14Nov 1, 2024Updated last year
- Url scrapper or extractor from alienvault☆39Mar 1, 2025Updated last year
- Robofinder fetches historical robots.txt files from Archive.org to uncover old directories, hidden paths, and valuable OSINT data for rec…☆253Updated this week
- BetterBugBounty - Here tools are classic, bugs are hunted, and nostalgia is the ultimate weapon!☆30Feb 10, 2024Updated 2 years ago
- 🤖 The Modern, Blazing Fast Port Scanner 🤖☆28Dec 29, 2024Updated last year
- Burp extension used to snip any header from all the requests.☆24Nov 12, 2023Updated 2 years ago