Effortlessly convert Spotify links to your preferred streaming service

Shodan-Grabber is a Node.js tool for scraping IP addresses and other information from Shodan's web interface. It utilizes Puppeteer for web scraping and handles rate limits by implementing retries …

The Grammar Checker for Developers

A tool for adding new lines to files, skipping duplicates

subdog is a subdomain enumeration tools, this tool collect number of different sources to create a list of root subdomains

Filter list of subdomains by level.

List of Fresh DNS resolvers updates every 1 hour

A secret scanner wrapper to aggregate results across multiple secret scanning tools

Fetches javascript file from a list of URLS or subdomains.

grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications, or arbitrary networks

Semi-automatic OSINT framework and package manager

This tool builds upon their excellent research and service templates while adding additional features and improvements.

ServiceLens is a Python tool for analyzing services linked to Microsoft 365 domains. It scans DNS records like SPF and DMARC to identify services, categorizing them into Email, Cloud, Security, and…

A tool to detect whether a PDF has a bad redaction

Unexpected information 是用于标记请求包中的一些敏感信息、JS接口和一些特殊字段的BurpSuite 插件。

Results from analyzing data gathered from 1.6 billion subdomains

Dnsbruter is a powerful tool designed to perform active subdomain enumeration and discovery. It uses DNS resolution to efficiently bruteforce and identify potential subdomains for a given target do…

Looks for parameters in urls

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

AutoBypass403-BurpSuite 插件二开重构，优化执行逻辑

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

A python script that finds endpoints in JavaScript files

Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our eight supported cloud providers!

Chrome extension for automating CSPT discovery

Exploit for the vulnerability CVE-2024-43044 in Jenkins

Tool for fetching all the available waybackmachine snapshot urls

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.