X-Forwarded-For [403 forbidden] enumeration
☆98May 3, 2024Updated last year
Alternatives and similar repositories for XFFenum
Users that are interested in XFFenum are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This tool is just after the first refactoring pushed. Original is from Will Vandevanter (BuffaloWill). Only rearrange the code which will…☆33Jun 10, 2016Updated 9 years ago
- This tool will scan all the URL's in the file and will provide Content-Length, Status-Code, Server and more.☆36Dec 22, 2021Updated 4 years ago
- Burp Suite Extension to monitor new scope☆200Mar 31, 2021Updated 4 years ago
- Messy BurpSuite plugin for SQL Truncation vulnerabilities.☆63Apr 17, 2020Updated 5 years ago
- Toolkit to detect and keep track on Blind XSS, XXE & SSRF☆293Aug 23, 2019Updated 6 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- A tool to test working urls.☆43Nov 17, 2020Updated 5 years ago
- Get all possible href | src | url from target url or domain☆40Aug 5, 2020Updated 5 years ago
- A playground to practice SSRF Attacks against web apps☆17Oct 15, 2018Updated 7 years ago
- A Burpsuite extension written in Python to perform basic validation fuzzing�☆11Oct 7, 2022Updated 3 years ago
- PNG IDAT chunks XSS payload generator☆206Oct 11, 2022Updated 3 years ago
- CVE-2018-13379 Script for Nmap NSE.☆12Sep 9, 2020Updated 5 years ago
- Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common m…☆75Mar 22, 2024Updated 2 years ago
- Wrapper around LinkFinder to quickly determine whether endpoints have been added/removed to JavaScript files.☆41Dec 27, 2019Updated 6 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- take a list of resolved subdomains and output any corresponding CNAMES en masse.☆18Jan 29, 2026Updated 2 months ago
- Day by day Lots of Newbie Come into bug Bounty They ask Social Site about Bug Bounty Site, So That's why I open My Hunted All Site.☆32Sep 20, 2020Updated 5 years ago
- A highly configurable Framework for easy automated web scanning☆382Jul 13, 2020Updated 5 years ago
- Burp extension to generate multi-step CSRF POC.☆31Sep 23, 2019Updated 6 years ago
- Extract metadata with SSRF (Server-Side Request Forgery)☆16Jul 23, 2022Updated 3 years ago
- QUESTER is a Web Pentesting & Bug Bounty Recon tool which queries URLs / Subdomains from the given list of URLs or subdomains.☆15Aug 2, 2021Updated 4 years ago
- Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions☆227Mar 29, 2022Updated 4 years ago
- ☆16May 3, 2021Updated 4 years ago
- CRLFMap is a tool to find HTTP Splitting vulnerabilities☆32Oct 11, 2020Updated 5 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- A Go implementation of dirsearch.☆43Mar 10, 2019Updated 7 years ago
- Second-order subdomain takeover scanner☆403Aug 28, 2025Updated 7 months ago
- A Tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations for Bug Bounty.☆16Sep 7, 2019Updated 6 years ago
- A tools for JavaScript Recon☆24Jul 25, 2020Updated 5 years ago
- BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JS…☆40Mar 15, 2021Updated 5 years ago
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- ☆32Apr 6, 2021Updated 4 years ago
- A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks☆60Aug 30, 2019Updated 6 years ago
- Customisable and automated HTTP header injection☆270Jun 27, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Simple python script to check against hypothetical JWT vulnerability.☆51Nov 29, 2020Updated 5 years ago
- Scan secrets from Continuous Integration Build Logs☆53Oct 14, 2019Updated 6 years ago
- Extract endpoints marked as disallow in robots files to generate wordlists.☆58Mar 2, 2022Updated 4 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆187Aug 3, 2019Updated 6 years ago
- Tool to extract & validate google fcm server keys from apks☆30Jan 20, 2021Updated 5 years ago
- Command line tool for testing CRLF injection on a list of domains.☆163Apr 14, 2024Updated last year
- A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.☆549Jun 12, 2017Updated 8 years ago