swoops/eval_villain

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/swoops/eval_villain)

swoops / eval_villain

A Firefox Web Extension to improve the discovery of DOM XSS.

☆288

Alternatives and similar repositories for eval_villain

Users that are interested in eval_villain are comparing it to the libraries listed below

Sorting:

haticeerturk / scoper
View on GitHub
This is a Burp Suite extension that allows users to easily add web addresses to the Burp Suite scope.
☆97Jan 2, 2025Updated last year
devanshbatham / heaptruffle
View on GitHub
Mine URLs from Browser's Heap Snapshot for fun and profit
☆64Aug 9, 2023Updated 2 years ago
JoshMorrison99 / isXSS-Burp
View on GitHub
Passively check for XSS character encodings
☆18Feb 7, 2026Updated 3 weeks ago
0xacb / recollapse
View on GitHub
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
☆1,290Aug 7, 2025Updated 6 months ago
xnl-h4ck3r / urless
View on GitHub
De-clutter a list of URLs
☆386Feb 3, 2026Updated 3 weeks ago
BishopFox / jsluice
View on GitHub
Extract URLs, paths, secrets, and other interesting bits from JavaScript
☆1,771May 22, 2024Updated last year
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆657Jun 29, 2025Updated 8 months ago
w9w / JSA
View on GitHub
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
☆559Mar 8, 2025Updated 11 months ago
sea-erkin / log-snare
View on GitHub
LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.
☆33Mar 4, 2024Updated last year
SeifElsallamy / Blind-XSS-Manager
View on GitHub
Never forget where you inject.
☆297Aug 15, 2025Updated 6 months ago
robre / jsmon
View on GitHub
a javascript change monitoring tool for bugbounties
☆711Jul 31, 2024Updated last year
0x999-x / jsluicepp
View on GitHub
jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice
☆291Apr 9, 2024Updated last year
kevin-mizu / domloggerpp
View on GitHub
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
☆772Dec 9, 2025Updated 2 months ago
r0075h3ll / Oralyzer
View on GitHub
Open Redirection Analyzer
☆812Mar 5, 2023Updated 2 years ago
KathanP19 / JSFScan.sh
View on GitHub
Automation for javascript recon in bug bounty.
☆1,069Sep 9, 2023Updated 2 years ago
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,584Jan 27, 2024Updated 2 years ago
gwen001 / github-subdomains
View on GitHub
Find subdomains on GitHub.
☆823Mar 28, 2023Updated 2 years ago
assetnote / surf
View on GitHub
Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …
☆753Dec 19, 2023Updated 2 years ago
hisxo / JSpector
View on GitHub
A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues
☆374Jul 25, 2023Updated 2 years ago
yavolo / eventlistener-xss-recon
View on GitHub
☆148Dec 23, 2022Updated 3 years ago
xnl-h4ck3r / GAP-Burp-Extension
View on GitHub
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
☆1,497Jan 8, 2026Updated last month
ACK-J / postMessage-tracker-firefox
View on GitHub
A Firefox Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆27Dec 9, 2024Updated last year
Escape-Technologies / graphql-wordlist
View on GitHub
The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
☆455Oct 3, 2023Updated 2 years ago
ayadim / Nuclei-bug-hunter
View on GitHub
i will upload more templates here to share with the comunity.
☆567Apr 17, 2024Updated last year
devanshbatham / FavFreak
View on GitHub
Making Favicon.ico based Recon Great again !
☆1,266Aug 29, 2023Updated 2 years ago
bitquark / shortscan
View on GitHub
An IIS short filename enumeration tool
☆1,123Nov 25, 2024Updated last year
msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆523Sep 17, 2022Updated 3 years ago
xnl-h4ck3r / waymore
View on GitHub
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!
☆2,543Feb 7, 2026Updated 3 weeks ago
cramppet / regulator
View on GitHub
Automated learning of regexes for DNS discovery
☆392Feb 18, 2023Updated 3 years ago
devanshbatham / OpenRedireX
View on GitHub
A fuzzer for detecting open redirect vulnerabilities
☆782Jul 1, 2024Updated last year
BishopFox / sj
View on GitHub
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
☆723Updated this week
root-tanishq / userefuzz
View on GitHub
User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
☆382May 19, 2023Updated 2 years ago
xhzeem / toxicache
View on GitHub
Go scanner to find web cache poisoning vulnerabilities in a list of URLs
☆149Feb 21, 2024Updated 2 years ago
Sh1Yo / x8
View on GitHub
Hidden parameters discovery suite
☆2,027Sep 8, 2024Updated last year
0ang3el / aem-hacker
View on GitHub
☆810Jul 28, 2024Updated last year
ryandamour / crlfmap
View on GitHub
CRLFMap is a tool to find HTTP Splitting vulnerabilities
☆32Oct 11, 2020Updated 5 years ago
theinfosecguy / QuickXSS
View on GitHub
Automating XSS using Bash
☆362Jan 27, 2026Updated last month
xnl-h4ck3r / knoxnl
View on GitHub
This is a python wrapper around the amazing KNOXSS API by Brute Logic
☆280Jan 12, 2026Updated last month
ayoubfathi / leaky-paths
View on GitHub
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
☆1,024Feb 22, 2026Updated last week