Matin7697's Stars
hashcat/hashcat
World's fastest and most advanced password recovery utility
GTFOBins/GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
openwall/john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
sullo/nikto
Nikto web server scanner
cipher387/osint_stuff_tool_collection
A collection of several hundred online tools for OSINT
EnableSecurity/wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
guelfoweb/knock
Knock Subdomain Scan
Findomain/Findomain
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.
random-robbie/bruteforce-lists
Some files for bruteforcing certain things.
synacktiv/HopLa
HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
appsecco/the-art-of-subdomain-enumeration
This repository contains all the supplement material for the book "The art of sub-domain enumeration"
robre/jsmon
a javascript change monitoring tool for bugbounties
hakluke/haktrails
Golang client for querying SecurityTrails API data
hakluke/hakcheckurl
Takes a list of URLs and returns their HTTP response codes
gwen001/cloudflare-origin-ip
Try to find the origin IP of a webapp protected by Cloudflare.
xnl-h4ck3r/urless
De-clutter a list of URLs
brinhosa/apidetector
APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
corelight/zeek-cheatsheets
Zeek Log Cheatsheets
X1r0z/ActiveMQ-RCE
ActiveMQ RCE (CVE-2023-46604) 漏洞利用工具
Sn1r/Forbidden-Buster
A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk.
d0ge/sign-saboteur
SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens
xhzeem/toxicache
Go scanner to find web cache poisoning vulnerabilities in a list of URLs
SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ
Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)
maximousblk/callow
Dead simple brute force tool for website login forms
gwen001/github-regexp
Basically a regexp over a GitHub search.
Alikhalkhali/active-ip
🕵️♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.
PatrikFehrenbach/burpsuite-js-extractor
A simple plugin to export JS files from one or multiple targets
gwen001/favicon-hashtrick
Python script implementing the favicon hash trick to find subdomains.
Vaidik-pandya/Daily-Notes
A Series of Tweets
BJConway/thm_writeups
Write-ups of Try Hack me challenge machines