Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.
☆101Nov 6, 2025Updated 4 months ago
Alternatives and similar repositories for hfuzz
Users that are interested in hfuzz are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Promocode wordlist☆44Feb 4, 2025Updated last year
- Custom wordlist, updated regularly☆128Feb 17, 2026Updated last month
- ☆35Aug 2, 2022Updated 3 years ago
- Simple bash Oneliners to make life easier☆63Oct 16, 2020Updated 5 years ago
- aws cli pentesting/red team snippets☆33Jan 12, 2024Updated 2 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- 1337 Wordlists for Bug Bounty Hunting☆937Updated this week
- ☆38Dec 10, 2023Updated 2 years ago
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 5 years ago
- Automated Tool for Testing Header Based Blind SQL Injection☆324Jul 23, 2023Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆581Sep 25, 2025Updated 6 months ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆300Sep 8, 2023Updated 2 years ago
- Passively check for XSS character encodings☆18Mar 9, 2026Updated 2 weeks ago
- BurpSuite extension to convert requests into bcheck scripts☆33Jul 18, 2023Updated 2 years ago
- For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)☆54Feb 26, 2025Updated last year
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Real world bug bounty wordlists☆116Jul 20, 2023Updated 2 years ago
- Bcheck scripts for Burp☆28Aug 7, 2024Updated last year
- JsValidator is a tool created for validating the JS files after crawlling it from waybackurls☆20Mar 13, 2023Updated 3 years ago
- bounty collection☆42Sep 1, 2024Updated last year
- Collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, …☆27May 9, 2022Updated 3 years ago
- [Custom || Automated] Curation & Collection of BugBounty Wordlists☆66Mar 20, 2026Updated last week
- Your subdomains are free for the taking - no API key, no mistaking! 🕺☆37Feb 27, 2023Updated 3 years ago
- ☆421Jan 13, 2026Updated 2 months ago
- Downlaod all the nuclei Templates created from many Bug Hunters☆29May 25, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- ☆865Dec 26, 2025Updated 3 months ago
- AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration test…☆37Feb 15, 2026Updated last month
- De-clutter a list of URLs☆385Mar 8, 2026Updated 2 weeks ago
- uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl☆52Nov 3, 2025Updated 4 months ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆384May 19, 2023Updated 2 years ago
- Find subdomains with GPT, for free☆354Apr 18, 2024Updated last year
- Real-world infosec wordlists, updated regularly☆1,725Updated this week
- ♥☆186Sep 7, 2025Updated 6 months ago
- Generate tens of thousands of subdomain combinations in a matter of seconds☆273Sep 25, 2023Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Sep 22, 2023Updated 2 years ago
- Discover hidden debugging parameters and uncover web application secrets☆246Feb 4, 2026Updated last month
- A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it☆50Nov 5, 2025Updated 4 months ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,533Mar 8, 2026Updated 2 weeks ago
- A path-normalization pentesting tool.☆153Jan 22, 2026Updated 2 months ago
- Rockyou for web fuzzing☆3,094Mar 11, 2026Updated 2 weeks ago
- i will upload more templates here to share with the comunity.☆569Apr 17, 2024Updated last year