Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.
☆101Nov 6, 2025Updated 6 months ago
Alternatives and similar repositories for hfuzz
Users that are interested in hfuzz are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Promocode wordlist☆45Feb 4, 2025Updated last year
- Custom wordlist, updated regularly☆134Apr 8, 2026Updated 3 weeks ago
- ☆35Aug 2, 2022Updated 3 years ago
- Simple bash Oneliners to make life easier☆63Oct 16, 2020Updated 5 years ago
- aws cli pentesting/red team snippets☆33Jan 12, 2024Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- 1337 Wordlists for Bug Bounty Hunting☆956Updated this week
- ☆38Dec 10, 2023Updated 2 years ago
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 5 years ago
- Automated Tool for Testing Header Based Blind SQL Injection☆323Jul 23, 2023Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆587Sep 25, 2025Updated 7 months ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆298Sep 8, 2023Updated 2 years ago
- Passively check for XSS character encodings☆19Mar 9, 2026Updated last month
- BurpSuite extension to convert requests into bcheck scripts☆33Jul 18, 2023Updated 2 years ago
- For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)☆54Feb 26, 2025Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Real world bug bounty wordlists☆118Jul 20, 2023Updated 2 years ago
- Bcheck scripts for Burp☆28Aug 7, 2024Updated last year
- JsValidator is a tool created for validating the JS files after crawlling it from waybackurls☆20Mar 13, 2023Updated 3 years ago
- bounty collection☆43Sep 1, 2024Updated last year
- Collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, …☆27May 9, 2022Updated 3 years ago
- [Custom || Automated] Curation & Collection of BugBounty Wordlists☆69Updated this week
- Your subdomains are free for the taking - no API key, no mistaking! 🕺☆37Feb 27, 2023Updated 3 years ago
- Downlaod all the nuclei Templates created from many Bug Hunters☆29May 25, 2023Updated 2 years ago
- ☆423Mar 26, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆880Dec 26, 2025Updated 4 months ago
- AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration test…☆38Feb 15, 2026Updated 2 months ago
- De-clutter a list of URLs☆387Mar 8, 2026Updated last month
- uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl☆54Nov 3, 2025Updated 6 months ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆384May 19, 2023Updated 2 years ago
- Find subdomains with GPT, for free☆354Apr 18, 2024Updated 2 years ago
- Real-world infosec wordlists, updated regularly☆1,746Updated this week
- Generate tens of thousands of subdomain combinations in a matter of seconds☆275Sep 25, 2023Updated 2 years ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Sep 22, 2023Updated 2 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- ♥☆203Sep 7, 2025Updated 7 months ago
- Discover hidden debugging parameters and uncover web application secrets☆248Feb 4, 2026Updated 3 months ago
- A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it☆50Nov 5, 2025Updated 6 months ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,546Mar 8, 2026Updated last month
- A path-normalization pentesting tool.☆153Apr 2, 2026Updated last month
- Rockyou for web fuzzing☆3,141Mar 11, 2026Updated last month
- i will upload more templates here to share with the comunity.☆570Apr 17, 2024Updated 2 years ago