Alternatives and similar repositories for web-app

Users that are interested in web-app are comparing it to the libraries listed below

• ethicalhackingplayground / Gxss

  View on GitHub
  Tool for checking reflecting Parameters in a URL.
  ☆10Aug 31, 2020Updated 5 years ago
• SilverPoision / a-full-list-of-wordlists

  View on GitHub
  this contain the burp pack
  ☆208Jan 25, 2017Updated 9 years ago
• ajdumanhug / awesome-bug-bounty-tips

  View on GitHub
  A curated list of amazingly bug bounty tips from security researchers around the world.
  ☆104Mar 14, 2019Updated 6 years ago
• BitTheByte / BitBlinder

  View on GitHub
  BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
  ☆117Dec 23, 2025Updated last month
• ND13 / Penetration-Testing-and-Hacking

  View on GitHub
  Collection of tips, tools and tutorials around infosec
  ☆29May 18, 2017Updated 8 years ago
• securitytest3r / frida-ios-app-patching

  View on GitHub
  ☆31Feb 10, 2020Updated 6 years ago
• sd-geek / OSCP

  View on GitHub
  ☆19Apr 29, 2019Updated 6 years ago
• ticarpi / my-pentesting-repo

  View on GitHub
  This is a set of tips and reminders for pentesting processes and scripts/programs. Initially for personal use, but if anyone else finds t…
  ☆52Mar 2, 2020Updated 5 years ago
• DFC302 / subseeker

  View on GitHub
  A sub-domain enumeration tool
  ☆20May 18, 2020Updated 5 years ago
• wwwarrior / BugBounty

  View on GitHub
  Cheat Sheets, Metodologies etc.
  ☆19Apr 12, 2019Updated 6 years ago
• p3n73st3r / Ghazi

  View on GitHub
  Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W…
  ☆107Feb 11, 2019Updated 7 years ago
• shauryasharma-05 / recon619

  View on GitHub
  Automate Recon process using Shell Scripting
  ☆11Nov 26, 2021Updated 4 years ago
• inj3ctor-m4 / WebHackingNotes

  View on GitHub
  RECON Notes taking from every fucking book about bugbounty and web-app penetration testing exists
  ☆19Feb 29, 2020Updated 5 years ago
• luke-goddard / LFI-Fuzzer-Burp-Suite

  View on GitHub
  Local File Inclusion Burp-Suite Intruder Payload Generator Plugin
  ☆41Oct 13, 2020Updated 5 years ago
• purabparihar / Web-Application-Pentest-Checklist

  View on GitHub
  ☆23Jun 30, 2021Updated 4 years ago
• jiangsir404 / Xss-Sql-Fuzz

  View on GitHub
  burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
  ☆63Dec 4, 2018Updated 7 years ago
• cybercdh / vpaths

  View on GitHub
  Take a list of URIs and print all the of the paths
  ☆10Aug 16, 2020Updated 5 years ago
• thesnoom / win-sec-check

  View on GitHub
  Tool to enumerate potential security misconfigurations, allowing for privilege escalation on a windows machine.
  ☆11Nov 22, 2019Updated 6 years ago
• toneemarqus / OSCP-notes

  View on GitHub
  ☆11Dec 17, 2023Updated 2 years ago
• w9w / Open_Redirects_list

  View on GitHub
  -
  ☆11Nov 21, 2020Updated 5 years ago
• omurugur / Open_Redirect_Payload_List

  View on GitHub
  Open Redirect Vulnerability Payload List
  ☆10Feb 23, 2021Updated 4 years ago
• laconicwolf / burp-extensions

  View on GitHub
  A collection of scripts to extend Burp Suite
  ☆142Apr 8, 2019Updated 6 years ago
• hetroublehacker / own-the-recon

  View on GitHub
  This repository is created for personal use and added tools from my blog post.
  ☆14Aug 27, 2023Updated 2 years ago
• 0xapt / subzer0

  View on GitHub
  A tool that scans a list of given domains, and returns the status codes for each domain on both port 80 & 443
  ☆17Jan 8, 2021Updated 5 years ago
• Charlie-belmer / subdomain_recon

  View on GitHub
  A subdomain reconnaissance scanner
  ☆36Dec 8, 2022Updated 3 years ago
• aungthurhahein / Red-Team-Curation-List

  View on GitHub
  A list to discover work of red team tooling and methodology for penetration testing and security assessment
  ☆77Mar 8, 2019Updated 6 years ago
• SmitherSec / bug-bounty-resources

  View on GitHub
  Resources I consider useful for security research of web applications
  ☆61Dec 15, 2020Updated 5 years ago
• Dutchosintguy / Blackfriday-Deals-2020

  View on GitHub
  Black Friday deals (Cyber/OSINT/Infosec)
  ☆29Dec 6, 2020Updated 5 years ago
• sublee / sub.sh

  View on GitHub
  $ curl -sL sub.sh | bash
  ☆17Aug 7, 2023Updated 2 years ago
• nemo-wq / privilege_escalation

  View on GitHub
  Lab exercises to practice privilege escalation scenarios in AWS IAM. These exercises and the slides go through the basics behind AWS IAM,…
  ☆16Oct 31, 2019Updated 6 years ago
• citybasebrooks / XSS-Filter-Evasion

  View on GitHub
  XSS payloads to bypass various XSS filters
  ☆13May 1, 2019Updated 6 years ago
• rohit-sonii / Escalating-Self-XSS-to-Account-Takeover

  View on GitHub
  This repository contains complete source code for setting up the environment and exploit code for the vulnerability.
  ☆19Mar 23, 2023Updated 2 years ago
• foobar7 / html-poc

  View on GitHub
  Proof of concept code for client-side vulnerabilities
  ☆17Mar 14, 2019Updated 6 years ago
• vavkamil / BBClip

  View on GitHub
  Bug Bounty Clipboard
  ☆17Nov 6, 2019Updated 6 years ago
• si9int / gDork

  View on GitHub
  A Mozilla Firefox extension which allows quick access to your google-dorking result
  ☆19Jun 18, 2020Updated 5 years ago
• tismayil / rsdl

  View on GitHub
  Subdomain Scan With Ping Method.
  ☆46Dec 12, 2020Updated 5 years ago
• raadfhaddad / Insecure-Deserialization

  View on GitHub
  Insecure Deserialization, PDF and lab
  ☆18Nov 19, 2019Updated 6 years ago
• redhuntlabs / BurpSuite-Asset_Discover

  View on GitHub
  Burp Suite extension to discover assets from HTTP response.
  ☆231Jan 22, 2025Updated last year
• crawl3r / PortswiggerXSS

  View on GitHub
  gathers the XSS cheatsheet payloads and creates a usable wordlist
  ☆74Jan 4, 2021Updated 5 years ago