Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
☆407Apr 22, 2026Updated last week
Alternatives and similar repositories for fuzz
Users that are interested in fuzz are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This tool can be used to brute discover GET and POST parameters☆1,395Aug 24, 2019Updated 6 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆136Sep 25, 2019Updated 6 years ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.☆472Nov 14, 2019Updated 6 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,489Oct 12, 2024Updated last year
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,927Sep 27, 2021Updated 4 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- Security checks pack for Burp Suite☆140Feb 8, 2018Updated 8 years ago
- ☆44Sep 28, 2016Updated 9 years ago
- Takes ip range, Scan all open SSL Certs, Grab Cnames☆113Sep 23, 2018Updated 7 years ago
- Git All the Payloads! A collection of web attack payloads.☆3,934May 15, 2023Updated 2 years ago
- Open Redirect Payloads☆656Oct 12, 2024Updated last year
- Exploitation for XSS☆734Aug 5, 2021Updated 4 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,154Dec 16, 2024Updated last year
- A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.☆549Jun 12, 2017Updated 8 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆740May 4, 2019Updated 6 years ago
- A simple SSRF-testing sheriff written in Go☆337Oct 31, 2024Updated last year
- Toolkit to detect and keep track on Blind XSS, XXE & SSRF☆337Aug 23, 2019Updated 6 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,799Apr 26, 2024Updated 2 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,173May 26, 2023Updated 2 years ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.☆2,264Jan 8, 2026Updated 3 months ago
- This Repo contains wordlist for subdomain enumeration , php file path, html file path, and js file path☆107Aug 4, 2020Updated 5 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,289Aug 18, 2025Updated 8 months ago
- ☆2,323Dec 8, 2023Updated 2 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Automatic tool for DNS rebinding-based SSRF attacks☆305Aug 21, 2020Updated 5 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆682Jan 28, 2024Updated 2 years ago
- An hourly updated list of subdomains gathered from certificate transparency logs☆346Oct 13, 2021Updated 4 years ago
- ☆122Mar 27, 2017Updated 9 years ago
- ☆162Dec 7, 2017Updated 8 years ago
- A Go implementation of dirsearch.☆43Mar 10, 2019Updated 7 years ago
- Automated blind-xss search for Burp Suite☆284Oct 10, 2019Updated 6 years ago
- Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases☆364Aug 14, 2024Updated last year
- Various tools for managing bug bounty recon and exploration.☆48Dec 8, 2022Updated 3 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- A tiny and cute URL fuzzer☆402Nov 10, 2022Updated 3 years ago
- A collection of custom security tools for quick needs.☆3,290May 1, 2023Updated 2 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆116Mar 29, 2019Updated 7 years ago
- Match and Replace script used to automatically generate JSON option file to BurpSuite☆215May 13, 2019Updated 6 years ago
- Wordlist for content(directory) bruteforce discovering with Burp or dirsearch☆216Oct 12, 2024Updated last year
- Browser's XSS Filter Bypass Cheat Sheet☆1,151May 6, 2017Updated 8 years ago
- BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolu…☆60Oct 8, 2017Updated 8 years ago