b0llull0s's Stars
gitleaks/gitleaks
Find secrets with Gitleaks 🔑
cure53/DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
aboul3la/Sublist3r
Fast subdomains enumeration tool for penetration testers
WebGoat/WebGoat
WebGoat is a deliberately insecure application
A-poc/RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
six2dez/reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Hackplayers/evil-winrm
The ultimate WinRM shell for hacking/pentesting
hakluke/hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
pry0cc/axiom
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
google/AFL
american fuzzy lop - a security-oriented fuzzer
portapack-mayhem/mayhem-firmware
Custom firmware for the HackRF+PortaPack H1/H2/H4
Pennyw0rth/NetExec
The Network Execution Tool
andrew-d/static-binaries
Various *nix tools built as statically-linked binaries
0dayCTF/reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
assetnote/wordlists
Automated & Manual Wordlists provided by Assetnote
robotshell/magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
OWASP/OWASP-VWAD
:warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
zacharyweiss/magspoof_flipper
Port of Samy Kamkar's MagSpoof project (http://samy.pl/magspoof/) to the Flipper Zero. Enables wireless emulation of magstripe data, primarily over GPIO, with additional experimental internal TX.
v4d1/Dome
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
DonnchaC/shadowbrokers-exploits
Mirror of Shadowbrokers release from https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
carlospolop/fuzzhttpbypass
This tool use fuuzzing to try to bypass unknown authentication methods, who knows...
ARPSyndicate/bug-bounty-domains
Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]
carlospolop/su-bruteforce
Cyb3rMaddy/CAPTCHA-and-Reverse-Shell
What the name says....
InfoSecREDD/REPG-Community-Payloads
A collection of Encoded Payloads from the Community both for Hak5 & BadUSB Devices
sleepyeinstein/lemma
Remote CLI tools at your fingertips
InfoSecREDD/BTSM-Payloads
BTSM (Behind-the-Scenes Manipulation) Payloads PoC
InfoSecREDD/NET-UP
Network-based Startup Module Framework (Network Dropper)
carlospolop/docker-mitm
InfoSecREDD/RPT-Installer
RPT (REDDs Pentesting Tools) Installer unlocks the native Arch Linux Package Manager on the Steam Deck's SteamOS & Installs a few Tools.