securitum/research external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

securitum/research

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/securitum/research)

Close

securitum / researchView on GitHubMore

• External links
• Readme badge

research

☆152Mar 21, 2024Updated last year

Alternatives and similar repositories for research

Users that are interested in research are comparing it to the libraries listed below

• msrkp / PPScan

  View on GitHub
  Client Side Prototype Pollution Scanner
  ☆522Sep 17, 2022Updated 3 years ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,589Jan 27, 2024Updated 2 years ago
• filedescriptor / untrusted-types

  View on GitHub
  ☆695Jul 4, 2022Updated 3 years ago
• BlackFan / cspp-tools

  View on GitHub
  Client-Side Prototype Pollution Tools
  ☆87Sep 21, 2021Updated 4 years ago
• xsleaks / wiki

  View on GitHub
  XS-Leaks Wiki
  ☆178May 29, 2025Updated 9 months ago
• smiegles / extract-relative-url-heapsnapshot

  View on GitHub
  Extract relative urls from a heap snapshot
  ☆87May 30, 2021Updated 4 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆613Mar 4, 2021Updated 4 years ago
• artsploit / rogue-jndi

  View on GitHub
  A malicious LDAP server for JNDI injection attacks
  ☆76Nov 15, 2024Updated last year
• TyrantSec / Fuzzing

  View on GitHub
  Fuzzing Payloads to Assist in Web Application Testing.
  ☆166Jun 6, 2019Updated 6 years ago
• 0ang3el / websocket-smuggle

  View on GitHub
  Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
  ☆391Aug 15, 2024Updated last year
• terjanq / JS-Alpha

  View on GitHub
  Funny project to create an encoder/obfuscator that converts any javascript code into a code that only consist of /[a-z().]/ characters
  ☆82Oct 11, 2019Updated 6 years ago
• Metnew / uxss-db

  View on GitHub
  🔪Browser logic vulnerabilities
  ☆698Jan 23, 2021Updated 5 years ago
• jmdx / TLS-poison

  View on GitHub
  ☆705Nov 27, 2024Updated last year
• hahwul / websocket-connection-smuggler

  View on GitHub
  websocket-connection-smuggler
  ☆66Jan 22, 2020Updated 6 years ago
• xsleaks / xsleaks

  View on GitHub
  A collection of browser-based side channel attack vectors.
  ☆759Mar 19, 2024Updated last year
• yeswehack / xsstools

  View on GitHub
  xss development frameworks, with the goal of making payload writing easier.
  ☆153Aug 7, 2024Updated last year
• TheGrandPew / Sanity

  View on GitHub
  ☆17Jul 31, 2021Updated 4 years ago
• hahwul / XSS-Payload-without-Anything

  View on GitHub
  XSS Payload without Anything.
  ☆104Jun 28, 2019Updated 6 years ago
• GoSecure / dtd-finder

  View on GitHub
  List DTDs and generate XXE payloads using those local DTDs.
  ☆648Feb 21, 2024Updated 2 years ago
• veracode-research / solr-injection

  View on GitHub
  Apache Solr Injection Research
  ☆579Jan 28, 2020Updated 6 years ago
• HoLyVieR / prototype-pollution-nsec18

  View on GitHub
  Content released at NorthSec 2018 for my talk on prototype pollution
  ☆535May 25, 2024Updated last year
• nccgroup / Decoder-Improved

  View on GitHub
  Improved decoder for Burp Suite
  ☆138Aug 30, 2021Updated 4 years ago
• DeliciousHorse / writeups

  View on GitHub
  ☆21Mar 18, 2019Updated 6 years ago
• fransr / postMessage-tracker

  View on GitHub
  A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
  ☆1,293Jan 26, 2024Updated 2 years ago
• pwntester / DupeKeyInjector

  View on GitHub
  DupeKeyInjector
  ☆134Apr 16, 2022Updated 3 years ago
• topavankumarj / Vulnerable-OAuth2.0-Application

  View on GitHub
  ☆10Dec 8, 2022Updated 3 years ago
• Phoenix1112 / DnsR

  View on GitHub
  ☆12Sep 23, 2023Updated 2 years ago
• mattiasgrenfeldt / bachelors-thesis-http-request-smuggling

  View on GitHub
  ☆71Nov 8, 2021Updated 4 years ago
• jespinhara / j-is-the-boss

  View on GitHub
  ☆23Apr 21, 2022Updated 3 years ago
• C0DEbrained / Stepper

  View on GitHub
  A natural evolution of Burp Suite's Repeater tool
  ☆201Feb 9, 2024Updated 2 years ago
• assetnote / blind-ssrf-chains

  View on GitHub
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆953Dec 31, 2021Updated 4 years ago
• Kirill89 / prototype-pollution-exploits

  View on GitHub
  Prototype Pollution exploits collection
  ☆37Aug 8, 2021Updated 4 years ago
• daeken / httprebind

  View on GitHub
  Automatic tool for DNS rebinding-based SSRF attacks
  ☆304Aug 21, 2020Updated 5 years ago
• BlackFan / content-type-research

  View on GitHub
  Content-Type Research
  ☆657Jun 29, 2025Updated 8 months ago
• Regala / burp-scope-monitor

  View on GitHub
  Burp Suite Extension to monitor new scope
  ☆200Mar 31, 2021Updated 4 years ago
• intruder-io / rebind-server

  View on GitHub
  A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers
  ☆19Jun 9, 2023Updated 2 years ago
• riramar / h2rs

  View on GitHub
  Detects request smuggling via HTTP/2 downgrades.
  ☆94Jul 30, 2022Updated 3 years ago
• BlackFan / WEB-INF-dict

  View on GitHub
  List of configuration files from WEB-INF and META-INF for use in Unvalidated Forwards and JSP Include vulnerabilities.
  ☆84Mar 23, 2018Updated 7 years ago
• PortSwigger / taborator

  View on GitHub
  A Burp extension to show the Collaborator client in a tab
  ☆36Dec 23, 2022Updated 3 years ago