Pinned Repositories
easyxss
A simple threading-based tool to find reflection in parameters of multiple URLs for cross-site scripting identification.
fraudCheck
GemScanner
GemScanner identifies deprecated versions of gems in your Ruby on Rails project (Gemfile.lock) and notifies you about their latest version.
rails-research
s1domains
Do subdomain scanning like Agent 47
VT-Scrape
VT-Scrape is a tool that uses the API of https://www.virustotal.com to find URLs that can help in the information-gathering phase.
vulnerability-research
This repository contains information on the CVEs I found.
Vulnhub-Machine-Dr34d
Official Writeup of Vulnhub Dr34d Machine
Splint3r7's Repositories
Splint3r7/s1domains
Do subdomain scanning like Agent 47
Splint3r7/easyxss
A simple threading-based tool to find reflection in parameters of multiple URLs for cross-site scripting identification.
Splint3r7/vulnerability-research
This repository contains information on the CVEs I found.
Splint3r7/rails-research
Splint3r7/subdomainsEnumerator
A Docker image which will enumerate, sort and deduplicate the results of various subdomain enumeration tools.
Splint3r7/fraudCheck
Splint3r7/Vulnhub-Machine-Dr34d
Official Writeup of Vulnhub Dr34d Machine
Splint3r7/AssetFinder
Splint3r7/awesome-ruby-security
Awesome Ruby Security resources
Splint3r7/dora
Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found
Splint3r7/dr34d
Recon tool by Hassan Khan Yusufzai
Splint3r7/express
Fast, unopinionated, minimalist web framework for node.
Splint3r7/fuzzdiff
Fuzzer to detect side effects of third-party scripts
Splint3r7/grapghql-rails
Learning GraphQL for pentesting
Splint3r7/Insecure-Firebase-Exploit
A simple Python exploit to write data to insecure/vulnerable Firebase databases! Commonly found inside mobile apps. If the owner of the app has set the security rules as true for both "read" & "write", an attacker can probably dump the database and write his own data to the Firebase DB.
Splint3r7/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Splint3r7/npm-account-hijacking-scanner
Identify NPM dependencies vulnerable to account hijacking
Splint3r7/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Splint3r7/openvpn-install
OpenVPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE, Amazon Linux 2 and Raspberry Pi OS
Splint3r7/Pyrebase
A simple Python wrapper for the Firebase API.
Splint3r7/RailsRoutes
Ruby on Rails Routes for Parsing and Penetration Testing
Splint3r7/rubyonrails-buggyapp
Ruby on Rails buggy web application
Splint3r7/safecd
Splint3r7/schemasafe
A reasonably safe JSON Schema validator with draft-04/06/07/2019-09/2020-12 support.
Splint3r7/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Splint3r7/Splint3r7
Splint3r7/truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Splint3r7/Vajra
Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all in one place with web UI interfaces.
Splint3r7/wordlists2
wordlists2
Splint3r7/XSStrike
Most advanced XSS scanner.