codingo
Vice President, Security Operations and Researcher Success @ Bugcrowd
@bugcrowd Brisbane, Australia
Pinned Repositories
bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
BibWord
Microsoft Word and Bibliography Styles extender.
crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
DNSCewl
A DNS Bruteforcing Wordlist Generator
dorky
A tool to quickly do keyword searches over GitLab and GitHub for OSINT & bug bounty recon
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.
OSCP-2
Collection of things made during my OSCP journey
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
VHostScan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
codingo's Repositories
codingo/bug-bounty-dorks
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
codingo/Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
codingo/hacks
A collection of hacks and one-off scripts
codingo/BurpSuite-Asset_Discover
Burp Suite extension to discover assets from HTTP response.
codingo/certasset
Takes an IP range, scans all open SSL certs, and grabs CNAMEs
codingo/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
codingo/pwn_jenkins
Notes about attacking Jenkins servers
codingo/Red-Team-Infrastructure
Tooling and commands for common red team and Infrastructure testing tasks
codingo/ssrf-playground
A playground to practice SSRF Attacks against web apps
codingo/takeover
Sub-Domain TakeOver Vulnerability Scanner
codingo/watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
codingo/XSS-Payloads
List of XSS Vectors/Payloads
codingo/xssfinder
Toolset for detecting reflected XSS in websites
codingo/attack-surface-detector-burp
The Attack Surface Detector uses static code analysis to identify web app endpoints by parsing routes and identifying parameters
codingo/cloud_metadata_ips
List of special metadata IPs used in cloud services
codingo/plz-secrets
codingo/securityheaders
Python script to check HTTP security headers
codingo/2ndOrder
Chrome extension to inspect and find domains that don't resolve or have expired
codingo/BeRoot
Privilege Escalation Project - Windows / Linux / Mac
codingo/iheartreporting
Reporting Tips for Penetration Testers
codingo/shania
Scan secrets from Continuous Integration Build Logs
codingo/subjack
Hostile Subdomain Takeover tool written in Go
codingo/tko-subs
A tool that can help detect and take over subdomains with dead DNS records
codingo/WeblogicScanLot
WeblogicScanLot series, a batch detection tool for Weblogic vulnerabilities, V2.2
codingo/bettercap
The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and attacks.
codingo/bounty-targets-data
This repo contains hourly-updated data dumps of Hackerone/Bugcrowd scopes that are eligible for reports
codingo/CVE-2018-15473-Exploit
Exploit written in Python for CVE-2018-15473 with threading and export formats
codingo/eslint-utils
Utilities for ESLint plugins and custom rules.
codingo/kostebek
codingo/prototype
Temporary repository used for prototyping the core framework.