njcve's Stars
edoardottt/awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
KathanP19/HowToHunt
Collection of methodology and test case for various web vulnerabilities.
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
KasperskyLab/TinyCheck
TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere.
r0oth3x49/ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
odedshimon/BruteShark
Network Analysis Tool
bellingcat/octosuite
GitHub Data Analysis Framework.
danieldurnea/FBI-tools
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
xnl-h4ck3r/waymore
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
Sh1Yo/x8
Hidden parameters discovery suite
Dec0ne/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
n0kovo/n0kovo_subdomains
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
pwnfoo/NTLMRecon
Enumerate information from NTLM authentication enabled web endpoints 🔎
w9w/JSA
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
edoardottt/csprecon
Discover new target domains using Content Security Policy
Th0h0/autossrf
Smart context-based SSRF vulnerability scanner.
sensepost/Frack
Frack - Keep and Maintain your breach data
patrickhener/goshs
A SimpleHTTPServer written in Go, enhanced with features and with a nice design - https://goshs.de
lauritzh/domscan
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
j3ssie/goverview
goverview - Get an overview of the list of URLs
midoxnet/mapperplus
MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.
wdahlenburg/VhostFinder
Identify virtual hosts by similarity comparison
xnl-h4ck3r/LookMark
A browser bookmark to show hidden fields and enable disabled fields on a web page
vitorfhc/spammer
Request every path for every host
JeppW/npm-dependency-confusion-poc
Simple PoC package for testing for dependency confusion vulnerabilities.