Alternatives and similar repositories for XSStrike

Users that are interested in XSStrike are comparing it to the libraries listed below

• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,086Feb 20, 2025Updated 11 months ago
• s0md3v / AwesomeXSS

  View on GitHub
  Awesome XSS stuff
  ☆5,054Oct 30, 2024Updated last year
• maurosoria / dirsearch

  View on GitHub
  Web path scanner
  ☆13,979Updated this week
• hahwul / dalfox

  View on GitHub
  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  ☆4,835Updated this week
• GerbenJavado / LinkFinder

  View on GitHub
  A python script that finds endpoints in JavaScript files
  ☆4,280Apr 13, 2024Updated last year
• michenriksen / aquatone

  View on GitHub
  A Tool for Domain Flyovers
  ☆5,896May 22, 2022Updated 3 years ago
• swisskyrepo / PayloadsAllTheThings

  View on GitHub
  A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  ☆75,135Feb 2, 2026Updated last week
• projectdiscovery / subfinder

  View on GitHub
  Fast passive subdomain enumeration tool.
  ☆13,054Feb 5, 2026Updated last week
• projectdiscovery / nuclei

  View on GitHub
  Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…
  ☆26,985Updated this week
• ffuf / ffuf

  View on GitHub
  Fast web fuzzer written in Go
  ☆15,574Apr 24, 2025Updated 9 months ago
• xmendez / wfuzz

  View on GitHub
  Web application fuzzer
  ☆6,410Jan 21, 2026Updated 3 weeks ago
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,479Sep 4, 2025Updated 5 months ago
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,117Apr 21, 2024Updated last year
• owasp-amass / amass

  View on GitHub
  In-depth attack surface mapping and asset discovery
  ☆14,103Updated this week
• aboul3la / Sublist3r

  View on GitHub
  Fast subdomains enumeration tool for penetration testers
  ☆10,802Aug 2, 2024Updated last year
• danielmiessler / SecLists

  View on GitHub
  SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in …
  ☆68,783Updated this week
• 1N3 / Sn1per

  View on GitHub
  Attack Surface Management Platform
  ☆9,378Jan 12, 2026Updated last month
• fuzzdb-project / fuzzdb

  View on GitHub
  Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  ☆8,802Nov 10, 2023Updated 2 years ago
• EnableSecurity / wafw00f

  View on GitHub
  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
  ☆6,157Jan 27, 2026Updated 2 weeks ago
• frohoff / ysoserial

  View on GitHub
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,733Dec 4, 2025Updated 2 months ago
• s0md3v / Photon

  View on GitHub
  Incredibly fast crawler designed for OSINT.
  ☆12,662Updated this week
• commixproject / commix

  View on GitHub
  Automated All-in-One OS Command Injection Exploitation Tool
  ☆5,624Updated this week
• byt3bl33d3r / CrackMapExec

  View on GitHub
  A swiss army knife for pentesting networks
  ☆9,050Dec 6, 2023Updated 2 years ago
• projectdiscovery / nuclei-templates

  View on GitHub
  Community curated list of templates for the nuclei engine to find security vulnerabilities.
  ☆11,935Updated this week
• almandin / fuxploider

  View on GitHub
  File upload vulnerability scanner and exploitation tool.
  ☆3,300May 8, 2025Updated 9 months ago
• fortra / impacket

  View on GitHub
  Impacket is a collection of Python classes for working with network protocols.
  ☆15,433Feb 5, 2026Updated last week
• ticarpi / jwt_tool

  View on GitHub
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,347May 1, 2025Updated 9 months ago
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,897Sep 27, 2021Updated 4 years ago
• RedSiege / EyeWitness

  View on GitHub
  EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  ☆5,629Jan 5, 2026Updated last month
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,484Oct 12, 2024Updated last year
• 0xInfection / Awesome-WAF

  View on GitHub
  Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
  ☆7,353Aug 28, 2025Updated 5 months ago
• sqlmapproject / sqlmap

  View on GitHub
  Automatic SQL injection and database takeover tool
  ☆36,533Feb 5, 2026Updated last week
• EdOverflow / bugbounty-cheatsheet

  View on GitHub
  A list of interesting payloads, tips and tricks for bug bounty hunters.
  ☆6,373Sep 14, 2023Updated 2 years ago
• projectdiscovery / httpx

  View on GitHub
  httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
  ☆9,543Updated this week
• tomnomnom / waybackurls

  View on GitHub
  Fetch all the URLs that the Wayback Machine knows about for a domain
  ☆4,309May 1, 2024Updated last year
• EdOverflow / can-i-take-over-xyz

  View on GitHub
  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
  ☆5,550Feb 8, 2025Updated last year
• devanshbatham / ParamSpider

  View on GitHub
  Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
  ☆2,998Jun 24, 2024Updated last year
• shmilylty / OneForAll

  View on GitHub
  OneForAll是一款功能强大的子域收集工具
  ☆9,601Sep 12, 2025Updated 5 months ago
• samratashok / nishang

  View on GitHub
  Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  ☆9,740Apr 25, 2024Updated last year