xscorp/jsmug

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/xscorp/jsmug)

xscorp / jsmug

A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON

☆115

Alternatives and similar repositories for jsmug

Users that are interested in jsmug are comparing it to the libraries listed below

Sorting:

Moopinger / smugglefuzz
View on GitHub
A rapid HTTP downgrade smuggling scanner written in Go.
☆313May 16, 2024Updated last year
Moopinger / CLZero
View on GitHub
A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
☆90Feb 3, 2024Updated 2 years ago
ivision-research / burpscript
View on GitHub
☆64Oct 17, 2025Updated 4 months ago
Geeoon / asploit
View on GitHub
One line command and control backdoors for APIs and web applications.
☆51Apr 9, 2024Updated last year
redrays-io / SAP-Threat-Modeling
View on GitHub
The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP syst…
☆51Mar 7, 2025Updated 11 months ago
ZephrFish / ChunkyIngress
View on GitHub
Leverages B64 chunks to split files and save to clipboard
☆26Dec 7, 2025Updated 2 months ago
random-robbie / grayhatwarfare-docs-finder
View on GitHub
Finds Documents On Cloud Assets Using grayhatwarfare API for short urls
☆23Mar 2, 2022Updated 4 years ago
Ry0taK / first-sequence-sync
View on GitHub
☆36Jun 21, 2024Updated last year
nstarke / bootfuzz
View on GitHub
A MBR Fuzzer
☆31Apr 3, 2024Updated last year
caido-community / Chatio
View on GitHub
An AI-powered assistant for hackers and security professionals built for Caido
☆31Jan 24, 2026Updated last month
dwisiswant0 / unch
View on GitHub
Hides message with invisible Unicode characters
☆95Sep 29, 2024Updated last year
fransr / unpack-burp
View on GitHub
For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)
☆54Feb 26, 2025Updated last year
Tomiwa-Ot / py-amsi
View on GitHub
Scan strings or files for malware using the Windows Antimalware Scan Interface
☆30Mar 24, 2023Updated 2 years ago
vrechson / copy-to-bcheck
View on GitHub
BurpSuite extension to convert requests into bcheck scripts
☆33Jul 18, 2023Updated 2 years ago
CyberRoute / scanme
View on GitHub
A Golang package for scanning private and public IPs for open TCP ports 👁️
☆117Mar 13, 2025Updated 11 months ago
burgerhalva / All-in-Fuzzer
View on GitHub
All-in Fuzzer. Burp suite extension for auto fuzzing params, headers, body
☆36Dec 13, 2025Updated 2 months ago
dwisiswant0 / cve-2023-50164-poc
View on GitHub
Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")
☆57Dec 18, 2023Updated 2 years ago
0xNslabs / CanaryTokenScanner
View on GitHub
Detects CanaryTokens in Office docs and PDFs (docx, xlsx, pptx, pdf) without triggering alerts
☆128Dec 23, 2025Updated 2 months ago
JoshMorrison99 / isXSS-Burp
View on GitHub
Passively check for XSS character encodings
☆18Updated this week
mqst / gouge
View on GitHub
Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp…
☆28Jul 21, 2024Updated last year
shriyanss / subdomains_wordlist
View on GitHub
Subdomains wordlist generted from subdomains of public bug bounty programs
☆11Mar 25, 2025Updated 11 months ago
rung / terraform-provider-cmdexec
View on GitHub
Terraform provider for command execution
☆12Mar 16, 2020Updated 5 years ago
PortSwigger / encode-ip
View on GitHub
Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.
☆11Sep 22, 2023Updated 2 years ago
boringtools / git-alerts
View on GitHub
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
☆228Feb 25, 2026Updated last week
devanshbatham / rayder
View on GitHub
A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows
☆300Sep 8, 2023Updated 2 years ago
ambionics / wrapwrap
View on GitHub
Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.
☆236Oct 8, 2024Updated last year
kudelskisecurity / fuzzomatic
View on GitHub
Automatically fuzz Rust projects from scratch
☆59Jul 8, 2025Updated 7 months ago
ptr-yudai / House-of-Husk
View on GitHub
PoC for House of Husk Exploit
☆13Apr 3, 2020Updated 5 years ago
devanshbatham / headerpwn
View on GitHub
A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers
☆356Dec 14, 2023Updated 2 years ago
GJDuck / EnvFuzz
View on GitHub
Fuzz anything with Program Environment Fuzzing
☆398Jan 31, 2025Updated last year
trap-bytes / gourlex
View on GitHub
Gourlex is a simple tool that can be used to extract URLs and paths from web pages.
☆245Mar 28, 2024Updated last year
blackbird-eu / community-scripts
View on GitHub
A set of open-source community scripts
☆65Oct 12, 2024Updated last year
dwisiswant0 / ngocok
View on GitHub
ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.
☆113Jan 4, 2024Updated 2 years ago
KTH-LangSec / server-side-prototype-pollution
View on GitHub
A collection of Server-Side Prototype Pollution gadgets and exploits
☆225Feb 6, 2025Updated last year
OsmanKandemir / web-wordlist-generator
View on GitHub
WEB-Wordlist-Generator creates related wordlists after scanning your web applications.
☆52May 26, 2024Updated last year
doyensec / oidc-ssrf
View on GitHub
An Evil OIDC Server
☆53Oct 19, 2022Updated 3 years ago
aels / CVE-2022-2586-LPE
View on GitHub
CVE-2022-2586: Linux kernel nft_object UAF
☆20Sep 3, 2022Updated 3 years ago
syncwithali / HavocExploit
View on GitHub
A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc.
☆37Nov 16, 2023Updated 2 years ago
vchan-in / CVE-2023-35078-Exploit-POC
View on GitHub
CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC
☆118Jul 29, 2023Updated 2 years ago