swoops / eval_villain
A Firefox Web Extension to improve the discovery of DOM XSS.
☆249Updated 11 months ago
Related projects: ⓘ
- Burp extension to create target specific and tailored wordlist from burp history.☆228Updated 2 years ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆287Updated last year
- Prototype pollution scanner using headless chrome☆196Updated 2 years ago
- A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way t…☆227Updated 2 years ago
- IIS shortname scanner written in Go☆299Updated last year
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.☆313Updated last year
- ☆220Updated 3 months ago
- Customisable and automated HTTP header injection☆224Updated 2 months ago
- Gotator is a tool to generate DNS wordlists through permutations.☆445Updated 2 years ago
- Unofficial documentation for the great tool Param Miner☆169Updated 2 years ago
- Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations☆328Updated 4 years ago
- De-clutter a list of URLs☆307Updated 5 months ago
- 🐙 Cross-document messaging security research tool powered by https://enso.security☆276Updated last year
- This tool use fuuzzing to try to bypass unknown authentication methods, who knows...☆209Updated last month
- List of reporting templates I have used since I started doing BBH.☆226Updated this week
- CT Log Scanner☆241Updated 3 months ago
- Secret and/or credential patterns used for gf.☆229Updated last year
- ☆282Updated 2 years ago
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.☆318Updated 11 months ago
- A fast and minimal JS endpoint extractor☆303Updated 8 months ago
- Burp Suite extension that offers a toolkit for testing GraphQL endpoints.☆182Updated last month
- ☆332Updated 4 months ago
- A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate☆204Updated 2 months ago
- Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, al…☆176Updated 3 years ago
- List of fresh DNS resolvers updated daily☆107Updated last year
- Burpsuite plugin for Interact.sh☆197Updated 2 months ago
- Automated learning of regexes for DNS discovery☆350Updated last year
- Web Application Security Testing Tools☆230Updated 6 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆523Updated 9 months ago
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆287Updated last year