Pinned Repositories
assetfinder
Find domains and subdomains related to a given domain
crt.sh
(Unofficial) Python API for https://crt.sh
httprobe
Take a list of domains and probe for working HTTP and HTTPS servers
MANSPIDER
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
meg
Fetch many paths for many hosts - without killing the hosts
RedEye-1
RedEye is a visual analytic tool supporting Red & Blue Team operations
SecretScanner
Find secrets and passwords in container images and file systems
Utils
A collection of hacks and one-off scripts
waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
sec99's Repositories
sec99/FileFetcher
Fetches js, json, php, txt file from a list of URLS from waybackurls output.
sec99/kiterunner
Contextual Content Discovery Tool
sec99/MineSweeper
Windows user-land hooks manipulation tool.
sec99/amass-to-csv
A simple script that generates an Excel friendly CSV file from an Amass JSON file.
sec99/http2smugl
sec99/wappalyzergo
A high performance go implementation of Wappalyzer Technology Detection Library
sec99/hakcron
Easily schedule commands to run multiple times at set intervals (like a cronjob, but with one command)
sec99/CVE-2021-22986
CVE-2021-22986 & F5 BIG-IP RCE
sec99/xeuledoc
Fetch information about a public Google document.
sec99/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
sec99/prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.
sec99/cotopaxi
Set of tools for security testing of Internet of Things devices using specific network IoT protocols
sec99/discover
Easy discovery of assets
sec99/vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
sec99/cloudflare-bypass
Bypass Coudflare bot protection using Cloudflare Workers
sec99/cve-2021-3449
CVE-2021-3449 PoC exploit
sec99/OSCP-Exam-Report-Template-Markdown
:orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
sec99/weblogic-framework
weblogic-framework
sec99/RCE-Exploit-in-BIG-IP
sec99/RedTeamTools
记录自己编写、修改的部分工具
sec99/updog
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.
sec99/SecretScanner
Find secrets and passwords in container images and file systems
sec99/UACME
Defeating Windows User Account Control
sec99/pystinger
Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
sec99/autowasp
BurpSuite Extension: A one-stop pen testing checklist and logger tool
sec99/AES-Killer
Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
sec99/scrying
A tool for collecting RDP, web and VNC screenshots all in one place
sec99/bbrf-client
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
sec99/opencve
CVE Alerting Platform
sec99/thegreatsuspender-notrack
A chrome extension for suspending all tabs to free up memory, privacy-oriented with no analytics tracking.