Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.
☆101Nov 6, 2025Updated 5 months ago
Alternatives and similar repositories for hfuzz
Users that are interested in hfuzz are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Promocode wordlist☆44Feb 4, 2025Updated last year
- Custom wordlist, updated regularly☆131Apr 8, 2026Updated last week
- ☆35Aug 2, 2022Updated 3 years ago
- Simple bash Oneliners to make life easier☆63Oct 16, 2020Updated 5 years ago
- aws cli pentesting/red team snippets☆33Jan 12, 2024Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- 1337 Wordlists for Bug Bounty Hunting☆944Updated this week
- ☆38Dec 10, 2023Updated 2 years ago
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 5 years ago
- Automated Tool for Testing Header Based Blind SQL Injection☆323Jul 23, 2023Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆584Sep 25, 2025Updated 6 months ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆298Sep 8, 2023Updated 2 years ago
- Passively check for XSS character encodings☆18Mar 9, 2026Updated last month
- BurpSuite extension to convert requests into bcheck scripts☆33Jul 18, 2023Updated 2 years ago
- For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)☆54Feb 26, 2025Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Real world bug bounty wordlists☆116Jul 20, 2023Updated 2 years ago
- Bcheck scripts for Burp☆29Aug 7, 2024Updated last year
- JsValidator is a tool created for validating the JS files after crawlling it from waybackurls☆20Mar 13, 2023Updated 3 years ago
- bounty collection☆43Sep 1, 2024Updated last year
- Collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, …☆27May 9, 2022Updated 3 years ago
- [Custom || Automated] Curation & Collection of BugBounty Wordlists☆68Updated this week
- Your subdomains are free for the taking - no API key, no mistaking! 🕺☆37Feb 27, 2023Updated 3 years ago
- ☆421Mar 26, 2026Updated 3 weeks ago
- Downlaod all the nuclei Templates created from many Bug Hunters☆29May 25, 2023Updated 2 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- ☆869Dec 26, 2025Updated 3 months ago
- AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration test…☆38Feb 15, 2026Updated 2 months ago
- De-clutter a list of URLs☆386Mar 8, 2026Updated last month
- uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl☆52Nov 3, 2025Updated 5 months ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆384May 19, 2023Updated 2 years ago
- Find subdomains with GPT, for free☆353Apr 18, 2024Updated last year
- Real-world infosec wordlists, updated regularly☆1,736Updated this week
- Generate tens of thousands of subdomain combinations in a matter of seconds☆275Sep 25, 2023Updated 2 years ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Sep 22, 2023Updated 2 years ago
- Deploy open-source AI quickly and easily - Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- ♥☆191Sep 7, 2025Updated 7 months ago
- Discover hidden debugging parameters and uncover web application secrets☆246Feb 4, 2026Updated 2 months ago
- A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it☆50Nov 5, 2025Updated 5 months ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,543Mar 8, 2026Updated last month
- A path-normalization pentesting tool.☆153Apr 2, 2026Updated 2 weeks ago
- Rockyou for web fuzzing☆3,113Mar 11, 2026Updated last month
- i will upload more templates here to share with the comunity.☆569Apr 17, 2024Updated last year