Alternatives and similar repositories for SSRF-Testing

Users that are interested in SSRF-Testing are comparing it to the libraries listed below

• riramar / h2rs
  Detects request smuggling via HTTP/2 downgrades.
  ☆94Updated 3 years ago
• buggysolid / bugbounty-wordlist
  Real world bug bounty wordlists
  ☆117Updated 2 years ago
• zeroc00I / ReconNotes
  Just some public notes that can be useful and i want let the world knows.
  ☆88Updated 5 years ago
• dwisiswant0 / wadl-dumper
  Dump all available paths and/or endpoints on WADL file.
  ☆98Updated 2 months ago
• random-robbie / ssrf-finder
  Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
  ☆112Updated 3 years ago
• Dheerajmadhukar / Lilly
  Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, al…
  ☆185Updated 5 years ago
• bp0lr / dmut
  A tool to perform permutations, mutations and alteration of subdomains in golang.
  ☆156Updated 2 years ago
• lc / DOD-Recon
  Recon for Department of Defense HackerOne program
  ☆47Updated 7 years ago
• PatrikFehrenbach / amass-tools
  ☆105Updated 5 years ago
• Leoid / MatchandReplace
  Match and Replace script used to automatically generate JSON option file to BurpSuite
  ☆215Updated 6 years ago
• alifathi-h1 / gh_scanner
  GH Scanner Tool is written in Python3 and designed for penetration testers and bug bounty hunters to scan Organization/User repositories …
  ☆34Updated 6 months ago
• udit-thakkur / AdvancedKeyHacks
  API Key/Token Exploitation Made easy.
  ☆93Updated 4 years ago
• h1pmnh / h1privdisc
  Utility to pull disclosed vulnerabilities from HackerOne private programs - for personal use only
  ☆13Updated 4 years ago
• FleexSecurity / fleex
  Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
  ☆265Updated this week
• vavkamil / XFFenum
  X-Forwarded-For [403 forbidden] enumeration
  ☆99Updated last year
• elfarsaouiomar / monitor-new-subdomain
  Subdomain Monitor A production-ready subdomain monitoring system with both API and CLI interfaces.
  ☆74Updated last week
• JavierOlmedo / UltimateCMSWordlists
  📚 An ultimate collection wordlists of the best-known CMS
  ☆93Updated last year
• jakejarvis / bounty-domains
  List of domains in scope for bug bounties (HackerOne, Bugcrowd, etc.)
  ☆74Updated 4 years ago
• jdonsec / AllThingsXXE
  ☆31Updated 5 years ago
• michael1026 / inscope
  ☆18Updated 4 years ago
• honoki / tools
  A collection of simple tools and poc-builders
  ☆39Updated 6 months ago
• jthack / ffuf_presentation
  ☆16Updated 4 years ago
• TheBinitGhimire / GitHub-Recon
  GitHub Recon — and what you can achieve with it!
  ☆121Updated 4 years ago
• allyomalley / BurpParamFlagger
  A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…
  ☆132Updated 4 years ago
• hahwul / gee
  🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addi…
  ☆85Updated 4 months ago
• vincd / wappylyzer
  Implementation of Wappalyzer in Python
  ☆55Updated 3 years ago
• devanshbatham / awesome-bughunting-oneliners
  A list of Awesome Bughunting oneliners , collected from the various sources
  ☆69Updated 2 years ago
• Droidzzzio / EnumerationList
  This Repo contains wordlist for subdomain enumeration , php file path, html file path, and js file path
  ☆107Updated 5 years ago
• Traceableai / 31-days-of-pentesting
  31 Tips for pentesters & security engineers
  ☆87Updated 4 years ago
• assetnote / h2csmuggler
  ☆75Updated last year