Black Lantern Security, LLC
- @paulmmueller
Stars
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Convolutional neural network for analyzing pentest screenshots
Check subdomains for subdomain takeovers and other DNS tomfoolery
Identifies the bytes that Microsoft Defender flags on.
Top disclosed reports from HackerOne
Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A CI/CD-verified list of the internet's known-good public DNS servers (from public-dns.info) Updated weekly!
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
A recursive internet scanner for hackers. 🧡
Accurately separates a URL’s subdomain, domain, and public suffix, using the Public Suffix List (PSL).
Python implementation of NIST SP 800-108 KDF in Counter Mode
Python driver for Wappalyzer, a web application detection utility.
🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
A SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses!
Collection of offensive tools targeting Microsoft Azure
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
I leverage OpenAI and ChatGPT to do hackerish things
graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
A library for detecting known secrets across many web frameworks
Check whether an IP address or hostname belongs to popular cloud providers