Pinned Repositories
awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
Beginners-Guide-to-Obfuscation
noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
Wordlists-2
A collection of wordlists for many different usages.
slooppe's Repositories
slooppe/akto
Instant, Open source API security → API discovery, automated business logic testing and runtime detection.
slooppe/bloodhound-adAnalysis
Automation of Active Directory penetration testing tasks on top of BloodHound CE
slooppe/BloodHound-ce
Six Degrees of Domain Admin
slooppe/burp-awesome-tls
Fixes Burp Suite's poor TLS stack. Bypass WAF, spoof any browser.
slooppe/BurpJSLinkFinder
Burp Extension for a passive scanning JS files for endpoint links.
slooppe/cliam
Cloud agnostic IAM permissions enumerator
slooppe/Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
slooppe/cowitness
CoWitness is a powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.
slooppe/cut-cdn
✂️ Striping CDN IPs from a list of IP Addresses
slooppe/GCP-pentest-lab
A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities
slooppe/gpt-engineer
Specify what you want it to build, the AI asks for clarification, and then builds it.
slooppe/graphql-cop
Security Auditor Utility for GraphQL APIs
slooppe/graphql-wordlist
The only graphql wordlists you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
slooppe/GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
slooppe/haktrails
Golang client for querying SecurityTrails API data
slooppe/hate_crack
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
slooppe/JSONBee
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
slooppe/lofl
Living Off the Foreign Land setup scripts
slooppe/MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
slooppe/mitmproxy2swagger
Automagically reverse-engineer REST APIs via capturing traffic
slooppe/PIPE
Prompt Injection Primer for Engineers
slooppe/ProtectMyTooling
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with your implant, it does a lot of sneaky things and spits out obfuscated executable.
slooppe/python-for-OSINT-21-days
In this repository you will find sample code files for each day of the course "Python for OSINT. A 21-day course for beginners".
slooppe/rayder
A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows
slooppe/rayder-workflows
Repo for hosting rayder workflows
slooppe/shortnameguesser
A tool to guess the rest of the shortnames provided by vulnerable IIS instances.
slooppe/SpamChannel
Spoof emails from any domain using MailChannels (+2 Million)
slooppe/sus_params
slooppe/unimap
Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
slooppe/wapalyzer
🌐 Identify the technologies powering any website. This is a fork of the now deleted Wappalyzer project by @AliasIO and community.