# Web Directory Brute Force Tools > Search results for `brute-force directories and files on a web server` on awesome-repositories.com. 119 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/brute-force-directories-and-files-on-a-web-server **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/brute-force-directories-and-files-on-a-web-server).** ## Results - [files-community/files](https://awesome-repositories.com/repository/files-community-files.md) (44,008 ⭐) — Files is a graphical file manager designed to replace the default operating system explorer with a unified, highly configurable environment. It functions as an extensible storage aggregator, normalizing local, cloud, and remote network storage into a single, consistent interface. By hooking into the system shell, the application intercepts navigation requests to provide a seamless, integrated experience for managing diverse file systems. The application distinguishes itself through a dual-pane productivity environment that facilitates efficient cross-directory operations and drag-and-drop wor - [static-web-server/static-web-server](https://awesome-repositories.com/repository/static-web-server-static-web-server.md) (2,269 ⭐) — A cross-platform, high-performance and asynchronous web server for static files-serving. ⚡ - [projectdiscovery/nuclei](https://awesome-repositories.com/repository/projectdiscovery-nuclei.md) (29,189 ⭐) — Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ - [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows. The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by a - [hiddify/hiddify-app](https://awesome-repositories.com/repository/hiddify-hiddify-app.md) (30,948 ⭐) — Hiddify is a cross-platform proxy client designed to manage secure network connections and traffic routing across desktop and mobile operating systems. It functions as a unified proxy manager, providing a centralized interface to configure and control various network proxy protocols for encrypted and private internet access. The application distinguishes itself by integrating local loopback interception, which configures the operating system network stack to route traffic through a local port for granular filtering. It also serves as a self-hosted infrastructure tool, enabling users to automa - [projectdiscovery/subfinder](https://awesome-repositories.com/repository/projectdiscovery-subfinder.md) (13,105 ⭐) — Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc - [adampflug/express-brute](https://awesome-repositories.com/repository/adampflug-express-brute.md) (568 ⭐) — Brute-force protection middleware for express routes by rate limiting incoming requests - [ccoenraets/force-server](https://awesome-repositories.com/repository/ccoenraets-force-server.md) (49 ⭐) — ForceServer is a simple development server aimed at providing a simple and integrated developer experience when building applications that use Salesforce OAuth and REST services. ForceServer provides two main features: - [cockroachdb/cockroach](https://awesome-repositories.com/repository/cockroachdb-cockroach.md) (32,207 ⭐) — Cockroach is a distributed SQL database designed to scale horizontally across multiple nodes while maintaining strict ACID compliance and global data consistency. It functions as a relational database engine that automatically partitions data into ranges, rebalancing them across a cluster to accommodate growing storage and throughput requirements. By utilizing a distributed consensus protocol, the system ensures that all nodes agree on the order of operations, providing fault tolerance and continuous availability even in the event of hardware failures. The system distinguishes itself through - [six2dez/reconftw](https://awesome-repositories.com/repository/six2dez-reconftw.md) (7,226 ⭐) — reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio - [dzove855/bash-web-server](https://awesome-repositories.com/repository/dzove855-bash-web-server.md) (999 ⭐) — A purely bash web server, no socat, netcat, etc... - [mebus/cupp](https://awesome-repositories.com/repository/mebus-cupp.md) (5,762 ⭐) — CUPP is a suite of tools for extracting default credentials from aggregated databases, generating password dictionaries from personal data, profiling targets interactively, and expanding wordlists from dictionary sources. It functions as a password dictionary generator and target profiling tool that collects personal details through interactive questions to build custom password lists for security testing. The project distinguishes itself through a modular command pipeline architecture that chains independent subcommands for downloading remote wordlists, parsing structured credential database - [goldbergyoni/nodebestpractices](https://awesome-repositories.com/repository/goldbergyoni-nodebestpractices.md) (105,356 ⭐) — This project provides a comprehensive collection of industry-standard guidelines for developing, testing, and deploying Node.js applications. It covers the entire software lifecycle, offering actionable advice on code style, architectural patterns, and security measures to ensure maintainability and consistency across large-scale codebases. The documentation details strategies for robust error management, containerization, and production readiness. It addresses operational requirements such as observability, scalability, and infrastructure configuration, while providing specific methodologies - [flutter-team-archive/plugins](https://awesome-repositories.com/repository/flutter-team-archive-plugins.md) (17,710 ⭐) — This project is a collection of official plugin packages and a native integration library designed to provide a consistent interface for accessing hardware and software functionality across different mobile and desktop platforms. It serves as a native platform bridge, enabling cross-platform applications to invoke native code and manage operating system dependencies. The project utilizes a federated plugin architecture, splitting plugins into common interfaces and separate platform implementations to allow for independent development and extension. It further supports native integration throu - [projectdiscovery/naabu](https://awesome-repositories.com/repository/projectdiscovery-naabu.md) (5,766 ⭐) — Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet - [pettarin/forced-alignment-tools](https://awesome-repositories.com/repository/pettarin-forced-alignment-tools.md) (940 ⭐) — A collection of links and notes on forced alignment tools - [apsdehal/awesome-ctf](https://awesome-repositories.com/repository/apsdehal-awesome-ctf.md) (11,614 ⭐) — This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development. The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert pr - [e2b-dev/awesome-ai-agents](https://awesome-repositories.com/repository/e2b-dev-awesome-ai-agents.md) (25,903 ⭐) — This project is a curated repository and directory focused on the artificial intelligence agent ecosystem. It serves as a centralized knowledge base for developers and researchers to discover frameworks, platforms, and autonomous software entities designed for reasoning, planning, and executing complex tasks. The directory distinguishes itself through a community-driven curation model, where contributors maintain and update the collection via a distributed version control system. This collaborative approach ensures that the index remains current with the latest academic resources, open-source - [sindresorhus/hide-files-on-github](https://awesome-repositories.com/repository/sindresorhus-hide-files-on-github.md) (320 ⭐) — You can customize which files to hide and you can make it more minimal in the extension's options page. - [googlechrome/workbox](https://awesome-repositories.com/repository/googlechrome-workbox.md) (12,895 ⭐) — Workbox is a modular library and toolkit designed for managing service workers in progressive web applications. It provides a comprehensive framework for handling asset caching, request routing, and background script lifecycle management, enabling developers to build web applications that function reliably offline and load efficiently. The project distinguishes itself through a declarative routing engine and a plugin-based architecture that allows for the injection of custom logic into the request and response processing pipeline. It supports advanced caching patterns, such as cache-first or - [shadow1ng/fscan](https://awesome-repositories.com/repository/shadow1ng-fscan.md) (13,421 ⭐) — Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments. The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing passwor - [hbmartin/directory-swiftui](https://awesome-repositories.com/repository/hbmartin-directory-swiftui.md) (16 ⭐) — A directory demo app written with SwiftUI, Core Data, and Alamofire - [techarohq/anubis](https://awesome-repositories.com/repository/techarohq-anubis.md) (17,067 ⭐) — Anubis is a command-line security reconnaissance framework designed for subdomain enumeration and attack surface mapping. It functions as a utility for security professionals to identify, catalog, and visualize the external digital footprint of an organization by discovering all subdomains associated with a target domain. The tool distinguishes itself through a modular resolver pipeline that integrates passive reconnaissance from third-party security APIs and public certificate transparency logs. It combines this data with active discovery methods, including recursive DNS brute-forcing and al - [awesome-selfhosted/awesome-selfhosted](https://awesome-repositories.com/repository/awesome-selfhosted-awesome-selfhosted.md) (299,516 ⭐) — This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis - [255kb/stack-on-a-budget](https://awesome-repositories.com/repository/255kb-stack-on-a-budget.md) (12,345 ⭐) — A collection of services with great free tiers for developers on a budget. Sponsored by Mockoon, the best mock API tool. https://mockoon.com - [z4nzu/hackingtool](https://awesome-repositories.com/repository/z4nzu-hackingtool.md) (77,515 ⭐) — This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating ext - [actix/actix-web](https://awesome-repositories.com/repository/actix-actix-web.md) (24,421 ⭐) — Actix Web is an asynchronous web framework designed for building high-performance network services. It provides a foundation for processing concurrent requests through a non-blocking execution model, utilizing an actor-based concurrency system to manage lightweight processes and message passing. The framework includes a low-level networking layer that handles the parsing and serialization of HTTP traffic according to standard specifications. The framework distinguishes itself through a type-safe routing engine that enforces strict data types at compile time, ensuring that request parameters a - [caddyserver/caddy](https://awesome-repositories.com/repository/caddyserver-caddy.md) (73,492 ⭐) — Caddy is an extensible, modular web server platform designed for high-performance traffic management and automated security. At its core, it functions as a dynamic HTTP gateway that handles request routing, static asset delivery, and reverse proxying through a chain of configurable handler modules. The system is built on a modular architecture that allows developers to extend server functionality by registering custom components, all managed through a unified lifecycle and provisioning framework. What distinguishes Caddy is its focus on automated infrastructure and zero-downtime operations. I - [smart-on-fhir/api-server](https://awesome-repositories.com/repository/smart-on-fhir-api-server.md) (111 ⭐) — Open-source FHIR Server to support patient- and clinician-facing apps - [oj/gobuster](https://awesome-repositories.com/repository/oj-gobuster.md) (13,429 ⭐) — Gobuster is a command-line security utility designed for brute-force discovery of hidden infrastructure and content. It operates by systematically testing wordlists against target network services to identify files, directories, subdomains, and cloud storage buckets. The tool utilizes a concurrent worker pool to execute these requests in parallel, ensuring efficient scanning across various network environments. The project distinguishes itself through a modular plugin architecture that supports multiple discovery modes, including HTTP, DNS, and TFTP. This design allows for protocol-agnostic r - [hoffstadt/dearpygui](https://awesome-repositories.com/repository/hoffstadt-dearpygui.md) (15,217 ⭐) — DearPyGui is a GPU-accelerated, immediate-mode graphical user interface framework for Python. It provides a high-performance toolkit for building interactive desktop applications by leveraging native hardware-accelerated rendering backends across multiple operating systems. By utilizing an immediate-mode execution model, the library offers direct control over the rendering loop and element state, enabling the creation of responsive, dynamic interfaces. The framework distinguishes itself through its ability to handle complex, high-frequency visual updates, making it suitable for real-time data - [xmendez/wfuzz](https://awesome-repositories.com/repository/xmendez-wfuzz.md) (6,519 ⭐) — Wfuzz is a web application fuzzing framework that automates the injection of payloads into HTTP requests to discover hidden resources, parameters, and vulnerabilities. It functions as a content discovery scanner, a brute-force tool for credential guessing, and a plugin-based vulnerability scanner, all within a single modular system. The tool distinguishes itself through its plugin-based extensibility, allowing custom Python modules to add new payload sources, output printers, or scanning logic without modifying core code. It supports concurrent request dispatch using thread-based parallelism - [d3/d3-force](https://awesome-repositories.com/repository/d3-d3-force.md) (1,983 ⭐) — Force-directed graph layout using velocity Verlet integration. - [infobyte/faraday](https://awesome-repositories.com/repository/infobyte-faraday.md) (6,523 ⭐) — Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag - [sindresorhus/package-directory](https://awesome-repositories.com/repository/sindresorhus-package-directory.md) (252 ⭐) — Find the root directory of a Node.js project or npm package - [expo/expo](https://awesome-repositories.com/repository/expo-expo.md) (50,111 ⭐) — Expo is a universal mobile framework designed to build native iOS and Android applications from a single codebase using web-standard technologies. It provides a comprehensive development environment that includes a unified runtime for testing, cloud-based infrastructure for compiling and signing native binaries, and automated tools for managing the entire mobile release lifecycle, including app store submission. The framework distinguishes itself through a plugin-based native configuration engine that programmatically modifies project files, allowing developers to integrate native modules wit - [sketchplugins/plugin-directory](https://awesome-repositories.com/repository/sketchplugins-plugin-directory.md) (3,385 ⭐) — Official Sketch Plugin directory - [1n3/sn1per](https://awesome-repositories.com/repository/1n3-sn1per.md) (10,049 ⭐) — Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan - [aosabook/500lines](https://awesome-repositories.com/repository/aosabook-500lines.md) (29,582 ⭐) — This project is a software engineering educational resource providing a collection of canonical system implementations. It serves as a library of computer science case studies and polyglot code examples designed to demonstrate architectural tradeoffs and design patterns through concise versions of fundamental software components. The repository focuses on studying the implementation of core concepts such as consensus algorithms, interpreters, and database engines. It provides minimal versions of complex systems to facilitate the analysis of language design, data structure implementation, and - [yedhink/bashed-on-a-feeling](https://awesome-repositories.com/repository/yedhink-bashed-on-a-feeling.md) (130 ⭐) — :zap: fast and minimalistic git prompt written in bash - [aboul3la/sublist3r](https://awesome-repositories.com/repository/aboul3la-sublist3r.md) (10,957 ⭐) — Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security - [apify/mcp-server-rag-web-browser](https://awesome-repositories.com/repository/apify-mcp-server-rag-web-browser.md) (204 ⭐) — A MCP Server for the RAG Web Browser Actor - [thekingofduck/fuzzdicts](https://awesome-repositories.com/repository/thekingofduck-fuzzdicts.md) (8,355 ⭐) — fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities. The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL i - [filamentphp/filament](https://awesome-repositories.com/repository/filamentphp-filament.md) (31,215 ⭐) — Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code. The project distinguishes itself through a highly modular and extensible design that supports custo - [ignitetechnologies/mindmap](https://awesome-repositories.com/repository/ignitetechnologies-mindmap.md) (8,656 ⭐) — Mindmap is a cybersecurity knowledge base and reference library that organizes security tools, frameworks, and methodologies into a visual knowledge map. It functions as a curated directory of cheat sheets and command guides for offensive and defensive security operations, presented as a hierarchical interface with collapsible nodes. The project converts structured markdown files into navigable visual trees to facilitate the study of penetration testing workflows and DevOps learning roadmaps. It also serves as a security compliance framework, providing structured mappings of NIST and ISO 2700 - [twosixlabs/d3-force-reuse](https://awesome-repositories.com/repository/twosixlabs-d3-force-reuse.md) (131 ⭐) — Faster force-directed graph layouts by reusing force approximations - [beego/beego](https://awesome-repositories.com/repository/beego-beego.md) (32,398 ⭐) — Beego is a high-performance toolkit for building web applications and RESTful APIs using the Go programming language. It is structured as an MVC web framework that separates data models, views, and controllers to organize application logic. The project provides a comprehensive suite of integrated tools, including an object-relational mapper for translating code objects into database tables and a session manager for maintaining user identity and state across server requests. It also includes an internationalization framework for managing multilingual content and translating text based on user - [s0md3v/photon](https://awesome-repositories.com/repository/s0md3v-photon.md) (12,953 ⭐) — Photon is a command-line web crawler designed for security reconnaissance and information gathering. It systematically traverses websites to discover URLs, map domain infrastructure, and identify associated subdomains by retrieving DNS records. The tool distinguishes itself through its ability to perform deep content analysis, including the extraction of sensitive data such as API keys and authentication tokens using user-defined regular expressions. It supports offline inspection by cloning crawled web content to the local filesystem, allowing for structural analysis without additional netwo - [calcom/cal.com](https://awesome-repositories.com/repository/calcom-cal-com.md) (45,760 ⭐) — Cal.com is a comprehensive scheduling infrastructure platform designed to manage availability, booking workflows, and calendar synchronization across multiple users and external services. It provides a backend service for automated appointment scheduling, enabling the creation, confirmation, and management of booking lifecycles through a centralized state machine. The platform also offers embeddable user interface components that allow developers to integrate interactive booking experiences directly into third-party websites. What distinguishes the platform is its extensible app ecosystem and - [sohamkamani/d3-force-gravity](https://awesome-repositories.com/repository/sohamkamani-d3-force-gravity.md) (22 ⭐) — Implement gravitational attraction (or force-field-like repulsion) using d3-force