Pinned Repositories
Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
burplist
BurpSmartBuster
A Burp Suite content discovery plugin that adds the smart into the Buster!
CT_subdomains
An hourly updated list of subdomains gathered from certificate transparency logs
CTF-Difficulty
This cheatsheet is aimed at CTF players and beginners, to help them sort CTF challenges on the basis of difficulty.
domain-scan
A local or Lambda-based pipeline for scanning domains to measure things like HTTPS and accessibility.
domdig
DOM XSS scanner for Single Page Applications
fronter
Find frontable domains
Open_OSINT_Team_Links
Links for the Open OSINT Slack Team
SPSE
SPSE Exercises
Hax0rG1rl's Repositories
Hax0rG1rl/automatic-api-attack-tool
Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
Hax0rG1rl/cloud-service-enum
Hax0rG1rl/crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Hax0rG1rl/cyberchef-recipes
A list of cyber-chef recipes
Hax0rG1rl/dirble
Fast directory scanning and scraping tool
Hax0rG1rl/dnsprobe
DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.
Hax0rG1rl/dufflebag
Search exposed EBS volumes for secrets
Hax0rG1rl/endpointdiff
Wrapper around LinkFinder to quickly determine whether endpoints have been added/removed to JavaScript files.
Hax0rG1rl/flan
A pretty sweet vulnerability scanner
Hax0rG1rl/gmapsapiscanner
Hax0rG1rl/go-csp-collector
A CSP collector written in Golang
Hax0rG1rl/hostinjector
Multithreaded Host Header Redirection Scanner
Hax0rG1rl/java-sec-code
Java web common vulnerabilities and security code that are based on SpringBoot and SpringSecurity.
Hax0rG1rl/Jiraffe
One stop place for exploiting Jira instances in your proximity
Hax0rG1rl/LiveTargetsFinder
Generates lists of live hosts and URLs for targeting, automating the usage of Massdns and Masspy to filter out unreachable hosts
Hax0rG1rl/LKWA
Lesser Known Web Attack Lab
Hax0rG1rl/Markdown-XSS-Payloads
XSS payloads for exploiting Markdown syntax
Hax0rG1rl/owasp-threat-dragon-desktop
An installable desktop variant of OWASP Threat Dragon
Hax0rG1rl/padding-oracle-attacker
🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.
Hax0rG1rl/ParamSpider
Mining parameters from dark corners of Web Archives
Hax0rG1rl/php-jpeg-injector
Injects php payloads into jpeg images
Hax0rG1rl/postwoman
👽 API request builder - A free, fast, and beautiful alternative to Postman https://postwoman.io
Hax0rG1rl/privatecollaborator
A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
Hax0rG1rl/prowler
AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Official CIS for AWS guide: https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf
Hax0rG1rl/pwndoc
Pentesting report generator
Hax0rG1rl/Rekon
The project contains multiple shell scripts for automating the tasks that most hackers struggle with during their recon phase.
Hax0rG1rl/svm
Program to perform vulnerability analysis and automatically generate a report
Hax0rG1rl/the-book-of-secret-knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Hax0rG1rl/webpack-exploder
Unpack the source code of React and other Webpacked apps!
Hax0rG1rl/www-project-web-security-testing-guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.