vavkamil / XFFenum
X-Forwarded-For [403 forbidden] enumeration
☆86Updated 4 months ago
Related projects: ⓘ
- golang tool to scan domains or single domains with know security issues against xmlrpc☆60Updated 10 months ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…☆166Updated 3 years ago
- Host Header Injection Checker☆77Updated 2 years ago
- CRLF and open redirect fuzzer☆108Updated 3 years ago
- 📚 An ultimate collection wordlists of the best-known CMS☆81Updated 3 months ago
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆130Updated 3 years ago
- A tool for append URLs, skipping duplicates/paths & combine parameters.☆118Updated 2 years ago
- All known and unknown public POC's for wordpress themes and plugins☆78Updated 3 years ago
- Find subdomains and takeovers.☆81Updated last year
- A combined wordlists for files and directory discovery☆115Updated 3 years ago
- Some of my bug bounty tools☆47Updated 4 years ago
- Bug Bounty Dork☆67Updated 2 years ago
- Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, al…☆176Updated 3 years ago
- ☆28Updated 3 years ago
- BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities☆106Updated last year
- Wwwordlist is a wordlist generator for pentesters and bug bounty hunters. It extracts words from HTML, URLs, JS/HTTP/input variables, quo…☆100Updated last year
- Generates target specific word lists for Fuzzing with fuff☆107Updated 4 years ago
- ☆51Updated last year
- Get the scope of your bugcrowd programs☆67Updated 3 years ago
- Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.☆108Updated 2 years ago
- Signatures for jaeles scanner by @j3ssie☆119Updated 4 months ago
- Misc bounty and vulndisc things☆81Updated 3 years ago
- Small tool to automate SSRF wordpress and XMLRPC finder☆78Updated last year
- Match and Replace script used to automatically generate JSON option file to BurpSuite☆213Updated 5 years ago
- ☆184Updated 5 years ago
- Command line tool for testing CRLF injection on a list of domains.☆150Updated 5 months ago
- 4xxbypass☆66Updated 3 years ago
- Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the …☆51Updated 3 years ago
- Webapp to search tips on Twitter through #bugbountytips☆68Updated last year
- Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs☆93Updated 3 years ago