1481 Open source projects that are alternatives of or similar to Dalfox

No description or website provided.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Powerfull XSS Scanning and Parameter analysis tool&gem

Cross-site scripting labs for web application security enthusiasts

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Advanced dork Search & Mass Exploit Scanner

Cross Origin Resource Sharing MisConfiguration Scanner

Automated NoSQL database enumeration and web application exploitation tool.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

scopelint checks for unpinned variables in go programs

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

An automated target reconnaissance pipeline.

Automating XSS using Bash

Hacking tools

pentest framework

The Swiss Army knife for automated Web Application Testing

A list of useful payloads for Web Application Security and Pentest/CTF

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Fast and customizable vulnerability scanner For JIRA written in Python

Toolset for detecting reflected xss in websites

Http request smuggling vulnerability scanner

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

XSS Payload without Anything.

a Go code to detect leaks in JS files via regex patterns

CloudFlare Checker written in Go

A fast DOM based XSS vulnerability scanner with simplicity.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

WEB SERVICE SECURITY ASSESSMENT TOOL

Web path scanner

A tool to check a bunch of URLs that contain reflecting params.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Top disclosed reports from HackerOne

Enrich `go test` outputs with text decorations.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

WAScan - Web Application Scanner

Scans TYPO3 extensions for usage of deprecated and or changed code

Nuubi Tools (Information-ghatering|Scanner|Recon.)

GO GitHub project manager

Pentest: Subdomains enumeration tool for penetration testers.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

XSS in pastebin.com and reddit.com via unsanitized markdown output

Turn your REST API into GraphQL - A Proxy Server that pipes request from GraphQL to REST with GraphQL DSL, performant nested children, mutations, input types, and more.

Web Application Security Scanner Framework

A big list of Android Hackerone disclosed reports and other resources.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

List of advanced XSS payloads

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

一个基于Koa2的轻量级RESTful API Server脚手架。

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Mining parameters from dark corners of Web Archives

All about bug bounty (bypasses, payloads, and etc)

Multi Tool Subdomain Enumeration

A list of resources for those interested in getting started in bug bounties

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.