Pinned Repositories
batchql
GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
blind-ssrf-chains
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
kiterunner
Contextual Content Discovery Tool
nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
surf
Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
wordlists
Automated & Manual Wordlists provided by Assetnote
altdns
Generates permutations, alterations and mutations of subdomains and then resolves them
bugbountydash
[depreciated] Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd
enumXFF
Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
little-doctor
🔥🔥🔥 Out of the Browser into the Fire - Cross platform XSS worm framework 🔥🔥🔥
infosec-au's Repositories
infosec-au/altdns
Generates permutations, alterations and mutations of subdomains and then resolves them
infosec-au/enumXFF
Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
infosec-au/bugbountydash
[depreciated] Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd
infosec-au/little-doctor
🔥🔥🔥 Out of the Browser into the Fire - Cross platform XSS worm framework 🔥🔥🔥
infosec-au/fuzzdb
Automatically exported from code.google.com/p/fuzzdb
infosec-au/websec-weekly
The databases, API's and managers behind https://websecweekly.org
infosec-au/webappsec-toolkit
Web Application Security related tools. Includes backdoors, proof of concepts and tricks
infosec-au/phishJS
Abusing trust boundaries to deliver effective phishing payloads
infosec-au/enumapis
Traverse JS files for APIs/Endpoints
infosec-au/52-technologies-in-2016
Let's learn a new technology every week. A new technology blog every Sunday in 2016.
infosec-au/bug-bounty-standards
A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.
infosec-au/dirsearch
Web path scanner
infosec-au/PERS
A passive scanning tool for finding expired domain vulnerabilities while you browse.
infosec-au/sonar.js
A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.
infosec-au/subbrute
A subdomain enumeration tool for penetration testers.
infosec-au/subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
infosec-au/ActiveScanPlusPlus
ActiveScan++ Burp Suite Plugin
infosec-au/CNA-Registry
Public CNA Registry
infosec-au/proxy.py
Lightweight HTTP Proxy Server in Python
infosec-au/ruxcon-talk
infosec-au/gobuster
Directory/file & DNS busting tool written in Go
infosec-au/sectalks
sectalks
infosec-au/nanomebia_quote_generator
Just some me-me's
infosec-au/xntrik_quote_generator
Shit xntrik Would Say
infosec-au/GeoLite-mmdb-csv
MaxMind's GeoIP2 GeoLite2 Country, City, and ASN databases in MMDB and CSV format updated often
infosec-au/httpcomponents-client
Mirror of Apache HttpClient
infosec-au/gunicorn
gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.
infosec-au/meilisearch-go
Golang wrapper for the MeiliSearch API
infosec-au/next-netlify-starter
infosec-au/awards-site