Pinned Repositories
Amass
In-depth Attack Surface Mapping and Asset Discovery
Awesome-XSS-Payloads
Exotic and uncommon XSS Vectors to hit the target as quickly as possible.
Encrypter-Metasploit
gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
JSpector
A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues
PayloadsAllTheThings
ReconAIzer
A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
RegExAPI
list of regex for apis
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Wordlist
Wordlists for Bug Bounty
hisxo's Repositories
hisxo/gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
hisxo/ReconAIzer
A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
hisxo/JSpector
A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues
hisxo/Wordlist
Wordlists for Bug Bounty
hisxo/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
hisxo/PayloadsAllTheThings
hisxo/Awesome-XSS-Payloads
Exotic and uncommon XSS Vectors to hit the target as quickly as possible.
hisxo/Encrypter-Metasploit
hisxo/Amass
In-depth Attack Surface Mapping and Asset Discovery
hisxo/RegExAPI
list of regex for apis
hisxo/BB-legal-FR
Quelques conseils autour des obligations légales, fiscales et juridique pour la pratique du Bug Bounty en France
hisxo/Best-README-Template
An awesome README template to jumpstart your projects!
hisxo/bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
hisxo/github-search
Tools to perform basic search on GitHub.
hisxo/massdns
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
hisxo/rengine
reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.
hisxo/scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
hisxo/truffleHogRegexes
These are the regexes that power truffleHog
hisxo/XSS-Payloads
List of advanced XSS payloads
hisxo/BB-datas
Tools and datas related to bug bounty programs.
hisxo/harp
Static Site Server/Generator with built-in preprocessing
hisxo/Log4j2-CVE-2021-44228
Remote Code Injection In Log4j
hisxo/Markdown-XSS-Payloads
XSS payloads for exploiting Markdown syntax
hisxo/Open-Redirect-Payloads
Open Redirect Payloads
hisxo/recon-raven
Reconnaissance tool of Penetration test & Bug Bounty
hisxo/SundayStreams
Data from my Sunday streams
hisxo/XXE-study
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.