Stars
Nafeed-Broken-Link: A Python tool designed to check for broken social media links on a given domain. This script crawls all accessible pages of a specified domain and identifies social media links,…
A modern tool written in Python that automates your XSS findings.
A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and…
A simple script just made for self use for bypassing 403
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
SSRF (Server Side Request Forgery) testing resources
Python script to parse JSON data exported from SHODAN and create IP:PORT list to use with other tools
Tools and methods that I personally use for Recon and Exploitations
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Automation Recon tool which works with Large & Medium scopes. It performs a lot of tasks and gets back all the results in separate files.
3klector is an automation Recon tool which collects information about Acquisitions and ASNs related to a Big Scope company
eslam3kl / Shodomain
Forked from SmoZy92/Shodomain
Shodan subdomain finder
Simple Python script supported with BurpBounty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for diff…
isira-adithya / reflector
Forked from elkokc/reflector
Burp plugin able to find reflected XSS on page in real-time while browsing on site
Nuclei Templates Collection
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
A repository with 3 tools for pwn'ing websites with .git repositories available
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Some files for bruteforcing certain things.
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
A tool to check a bunch of URLs that contain reflecting params.
Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.