Pinned Repositories
Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
burplist
BurpSmartBuster
A Burp Suite content discovery plugin that adds the smart into the Buster!
CT_subdomains
An hourly updated list of subdomains gathered from certificate transparency logs
CTF-Difficulty
This cheatsheet is aimed at CTF players and beginners to help them sort CTF challenges by difficulty.
domain-scan
A local or Lambda-based pipeline for scanning domains to measure things like HTTPS and accessibility.
domdig
DOM XSS scanner for Single Page Applications
fronter
Find frontable domains
Open_OSINT_Team_Links
Links for the Open OSINT Slack Team
SPSE
SPSE Exercises
Hax0rG1rl's Repositories
Hax0rG1rl/Financial-Cibersecurity-Analysis
Hax0rG1rl/actuator-testbed
A vulnerable application exposing Spring Boot Actuators
Hax0rG1rl/AutoRecon
Simple shell script for automated domain recognition with some tools
Hax0rG1rl/awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions
Hax0rG1rl/awesome-gatsby
⚛️ 📄 🚀 Awesome list for the mighty Gatsby.js, a blazing fast React static site generator.
Hax0rG1rl/benchmarks
CIS Benchmarks Mirror
Hax0rG1rl/Blisqy
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
Hax0rG1rl/bonesi
BoNeSi - the DDoS Botnet Simulator
Hax0rG1rl/burpcollaborator-docker
This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.
Hax0rG1rl/Commodity-Injection-Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Hax0rG1rl/CrossSiteContentHijacking
Content hijacking proof-of-concept using Flash, PDF and Silverlight
Hax0rG1rl/deduplicate
Remove duplicate urls from input
Hax0rG1rl/djangohunter
Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.
Hax0rG1rl/fdns
Concurrent Rapid7 FDNS dataset parser
Hax0rG1rl/ffuf
Fast web fuzzer written in Go
Hax0rG1rl/inception
A highly configurable tool to check for whatever you like against any number of hosts.
Hax0rG1rl/Jspathextractor
Jspathextractor is a Burp Suite extension that extracts hidden paths from JS files and beautifies them for further reading.
Hax0rG1rl/LeakGAN
The code for the paper "Long Text Generation via Adversarial Training with Leaked Information" at AAAI 2018. Text generation using GAN and Hierarchical Reinforcement Learning.
Hax0rG1rl/MatchandReplace
Match and Replace script used to automatically generate JSON option file to BurpSuite
Hax0rG1rl/my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Hax0rG1rl/nginx-quick-reference
These notes describe how to improve Nginx performance, security and other important things.
Hax0rG1rl/recursebuster
rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
Hax0rG1rl/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
Hax0rG1rl/spyse.py
Python API wrapper and command-line client for the tools hosted on spyse.com.
Hax0rG1rl/tfsc
Automated tool to find backup files that may disclose the website's source code
Hax0rG1rl/tslint-angular-security
TSLint rules for Angular
Hax0rG1rl/vcr
Vulnerability Compliance Report Tool used to parse Nessus files into html reports created by SynerComm, Inc.
Hax0rG1rl/vuldash
Vulnerability Dashboard
Hax0rG1rl/WAF-bypass-Cheat-Sheet
Another way to bypass WAF Cheat Sheet (draft)
Hax0rG1rl/WordpressPingbackPortScanner
WordpressPingbackPortScanner