Lists (7)
Sort Name ascending (A-Z)
Stars
My custom created nuclei for SQLi, bugbounty, pentesting
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
A Python script to parse net blocks & domain names from SPF record
A script to extract domain names from Content Security Policy(CSP) headers
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
Automatic SSRF fuzzer and exploitation tool
A recursive internet scanner for hackers.
Collected fuzzing payloads from different resources
SubOwner - A Simple tool check for subdomain takeovers.
Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulation techniques. It also includes fuzzing for HTTP methods an…
Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, col…
Fetches javascript file from a list of URLS or subdomains.
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
BBT - Bug Bounty Tools
A curated list of awesome infosec courses and training resources.
Insecure Firebase | Bugbounty | Hacking Insecure Firbase
A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "wr…
Automation tool to testing and confirm the xss vulnerability.
🔓 A dynamic dictionary merger for successful dictionary based attacks.