Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.
☆101Nov 6, 2025Updated 4 months ago
Alternatives and similar repositories for hfuzz
Users that are interested in hfuzz are comparing it to the libraries listed below
Sorting:
- Promocode wordlist☆43Feb 4, 2025Updated last year
- Custom wordlist, updated regularly☆128Feb 17, 2026Updated 2 weeks ago
- Passively check for XSS character encodings☆18Updated this week
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 5 years ago
- BurpSuite extension to convert requests into bcheck scripts☆33Jul 18, 2023Updated 2 years ago
- Bcheck scripts for Burp☆28Aug 7, 2024Updated last year
- Simple bash Oneliners to make life easier☆63Oct 16, 2020Updated 5 years ago
- [Custom || Automated] Curation & Collection of BugBounty Wordlists☆63Updated this week
- For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)☆54Feb 26, 2025Updated last year
- ☆35Aug 2, 2022Updated 3 years ago
- ☆38Dec 10, 2023Updated 2 years ago
- 1337 Wordlists for Bug Bounty Hunting☆932Updated this week
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆300Sep 8, 2023Updated 2 years ago
- Real world bug bounty wordlists☆116Jul 20, 2023Updated 2 years ago
- Automated Tool for Testing Header Based Blind SQL Injection☆323Jul 23, 2023Updated 2 years ago
- A powerful Burp extension to make bounty rain☆14Feb 1, 2022Updated 4 years ago
- aws cli pentesting/red team snippets☆32Jan 12, 2024Updated 2 years ago
- Your subdomains are free for the taking - no API key, no mistaking! 🕺☆37Feb 27, 2023Updated 3 years ago
- Discover hidden debugging parameters and uncover web application secrets☆247Feb 4, 2026Updated last month
- bounty collection☆41Sep 1, 2024Updated last year
- Find subdomains with GPT, for free☆353Apr 18, 2024Updated last year
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆382May 19, 2023Updated 2 years ago
- ☆418Jan 13, 2026Updated last month
- ☆20Apr 5, 2023Updated 2 years ago
- JsValidator is a tool created for validating the JS files after crawlling it from waybackurls☆18Mar 13, 2023Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆577Sep 25, 2025Updated 5 months ago
- Filter and enrich a list of subdomains by level☆208Sep 25, 2023Updated 2 years ago
- Generate tens of thousands of subdomain combinations in a matter of seconds☆273Sep 25, 2023Updated 2 years ago
- A path-normalization pentesting tool.☆151Jan 22, 2026Updated last month
- Reflected XSS Payload List for Vue.js (2 & 3)☆15Jan 12, 2023Updated 3 years ago
- Workshop & Talk Slide Decks from HackSpaceCon☆26Dec 14, 2025Updated 2 months ago
- De-clutter a list of URLs☆385Feb 3, 2026Updated last month
- A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing☆142Jun 27, 2023Updated 2 years ago
- All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body☆36Dec 13, 2025Updated 2 months ago
- ☆858Dec 26, 2025Updated 2 months ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Sep 22, 2023Updated 2 years ago
- A Burp extension to Fuzz URLs for HTTP parser inconsistencies☆12Jan 9, 2024Updated 2 years ago
- A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers☆10Oct 2, 2022Updated 3 years ago
- a recon framework that facilitates discovering, scanning and monitoring assets trough a configurable engine running on serverless aws inf…☆12Aug 26, 2024Updated last year