Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.
☆101Nov 6, 2025Updated 8 months ago
Alternatives and similar repositories for hfuzz
Users that are interested in hfuzz are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Promocode wordlist☆45Feb 4, 2025Updated last year
- Custom wordlist, updated regularly☆149Jun 26, 2026Updated last week
- ☆36Aug 2, 2022Updated 3 years ago
- Simple bash Oneliners to make life easier☆62Oct 16, 2020Updated 5 years ago
- aws cli pentesting/red team snippets☆32Jan 12, 2024Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- 1337 Wordlists for Bug Bounty Hunting☆968Updated this week
- ☆38Dec 10, 2023Updated 2 years ago
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 5 years ago
- Automated Tool for Testing Header Based Blind SQL Injection☆323Jul 23, 2023Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆590Sep 25, 2025Updated 9 months ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆304Sep 8, 2023Updated 2 years ago
- Passively check for XSS character encodings☆20Mar 9, 2026Updated 3 months ago
- BurpSuite extension to convert requests into bcheck scripts☆33Jul 18, 2023Updated 2 years ago
- For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)☆55Feb 26, 2025Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Real world bug bounty wordlists☆118Jul 20, 2023Updated 2 years ago
- Bcheck scripts for Burp☆31Aug 7, 2024Updated last year
- JsValidator is a tool created for validating the JS files after crawlling it from waybackurls☆21Mar 13, 2023Updated 3 years ago
- ☆931Dec 26, 2025Updated 6 months ago
- bounty collection☆45Sep 1, 2024Updated last year
- Collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, …☆29May 9, 2022Updated 4 years ago
- [Custom || Automated] Curation & Collection of BugBounty Wordlists☆72Updated this week
- Your subdomains are free for the taking - no API key, no mistaking! 🕺☆37Feb 27, 2023Updated 3 years ago
- Downlaod all the nuclei Templates created from many Bug Hunters☆30May 25, 2023Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆430Jun 29, 2026Updated last week
- AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration test…☆38Feb 15, 2026Updated 4 months ago
- De-clutter a list of URLs☆390Mar 8, 2026Updated 3 months ago
- uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl☆53Nov 3, 2025Updated 8 months ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆386May 19, 2023Updated 3 years ago
- Find subdomains with GPT, for free☆355Apr 18, 2024Updated 2 years ago
- Real-world infosec wordlists, updated regularly☆1,766Jun 28, 2026Updated last week
- Generate tens of thousands of subdomain combinations in a matter of seconds☆277Sep 25, 2023Updated 2 years ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Sep 22, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ♥☆217Sep 7, 2025Updated 9 months ago
- Discover hidden debugging parameters and uncover web application secrets☆249Feb 4, 2026Updated 5 months ago
- A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it☆51Nov 5, 2025Updated 8 months ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,574Mar 8, 2026Updated 3 months ago
- A path-normalization pentesting tool.☆154Apr 2, 2026Updated 3 months ago
- Rockyou for web fuzzing☆3,185Mar 11, 2026Updated 3 months ago
- i will upload more templates here to share with the comunity.☆571Apr 17, 2024Updated 2 years ago