A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testi…
☆397May 22, 2026Updated last week
Alternatives and similar repositories for agartha
Users that are interested in agartha are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Useful "Match and Replace" burpsuite rules☆371Sep 26, 2023Updated 2 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,515Jan 8, 2026Updated 4 months ago
- Hidden parameters discovery suite☆224Nov 14, 2022Updated 3 years ago
- Nuclei plugin for BurpSuite☆1,328Oct 22, 2025Updated 7 months ago
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzer☆384May 19, 2023Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.☆184Nov 22, 2021Updated 4 years ago
- Automated blind-xss search for Burp Suite☆22Mar 28, 2022Updated 4 years ago
- An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects☆972Dec 8, 2021Updated 4 years ago
- Hidden parameters discovery suite☆2,065Sep 8, 2024Updated last year
- Astra is a tool to find URLs and secrets inside a webpage/files☆211Mar 14, 2023Updated 3 years ago
- Jeeves SQLI Finder☆215May 13, 2022Updated 4 years ago
- Nuclei Templates to reproduce Cracking the lens's Research☆131Jan 8, 2022Updated 4 years ago
- An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and…☆809May 11, 2026Updated 2 weeks ago
- Awesome list of step by step techniques to achieve Remote Code Execution on various apps!☆1,947Oct 7, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.☆426May 8, 2026Updated 3 weeks ago
- declutters url lists for crawling/pentesting☆1,557Feb 23, 2025Updated last year
- Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests w…☆635May 17, 2026Updated last week
- 🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast…☆1,724Apr 12, 2026Updated last month
- A repository that includes all the important wordlists used while bug hunting.☆1,402Mar 11, 2023Updated 3 years ago
- bypass-url-parser☆1,130May 16, 2026Updated 2 weeks ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆93May 2, 2024Updated 2 years ago
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆376Jul 25, 2023Updated 2 years ago
- Smart context-based SSRF vulnerability scanner.☆361May 5, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙☆1,836Jun 9, 2024Updated last year
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆1,043Aug 23, 2025Updated 9 months ago
- This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.☆166Mar 5, 2021Updated 5 years ago
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…☆891May 3, 2023Updated 3 years ago
- Quickly discover exposed hosts on the internet using multiple search engines.☆2,954May 20, 2026Updated last week
- Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…☆1,173Jan 21, 2026Updated 4 months ago
- Burp Extender, ssrf scanner, 自动扫描ssrf漏洞☆46Mar 31, 2021Updated 5 years ago
- fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.☆943Aug 24, 2023Updated 2 years ago
- Never forget where you inject.☆301Aug 15, 2025Updated 9 months ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Rockyou for web fuzzing☆3,157Mar 11, 2026Updated 2 months ago
- A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration☆79Sep 11, 2020Updated 5 years ago
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆296Sep 22, 2024Updated last year
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆1,081Mar 24, 2026Updated 2 months ago
- Gotator is a tool to generate DNS wordlists through permutations.☆523Jul 17, 2022Updated 3 years ago
- Asset inventory of over 800 public bug bounty programs.☆1,567Feb 14, 2025Updated last year
- Burp extension to create target specific and tailored wordlist from burp history.☆260Dec 8, 2021Updated 4 years ago