spwn3r49sd3r00
Security Researcher, AppSec Engineer securing & breaking things one day at a time.
FormAssembly, Colorado
Pinned Repositories
ADDVulcan
ADDVulcan satellite hacking solutions for Hack-A-Sat 2020
AIL-framework
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
Aircraft-Architecture-SecurityReview
akto
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
ansible-Proxy
set Proxy by ansible
logicbomb-reverse-shell
This is a logic-bomb to spawn a reverse shell by opening random network port numbers.
netplan-scripting-with-ansible-bash
Automation using ansible: To configure netplan using bash and ansible.
suricata
Suricata git repository maintained by the OISF
tinyproxy
tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
spwn3r49sd3r00's Repositories
spwn3r49sd3r00/AIL-framework
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
spwn3r49sd3r00/Aircraft-Architecture-SecurityReview
spwn3r49sd3r00/akto
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
spwn3r49sd3r00/bug-bounty-village-defcon32-workshop
The repo contains all the notes, slides, and study material for my workshop at DEFCON 32 at the Bug Bounty Village
spwn3r49sd3r00/CVE-2023-0669
CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
spwn3r49sd3r00/dump1090
Dump1090 is a simple Mode S decoder for RTLSDR devices
spwn3r49sd3r00/gungnir
CT Log Scanner
spwn3r49sd3r00/hackerone-reports
Top disclosed reports from HackerOne
spwn3r49sd3r00/hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
spwn3r49sd3r00/J2EEScan
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
spwn3r49sd3r00/jwt_tool
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
spwn3r49sd3r00/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
spwn3r49sd3r00/kiterunner
Contextual Content Discovery Tool
spwn3r49sd3r00/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
spwn3r49sd3r00/malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
spwn3r49sd3r00/MicroBurst
A collection of scripts for assessing Microsoft Azure security
spwn3r49sd3r00/parse-url
🚀 An advanced url parser supporting git urls too.
spwn3r49sd3r00/Prototype-Pollution-Gadgets-Finder
spwn3r49sd3r00/RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
spwn3r49sd3r00/rengine
reNgine
spwn3r49sd3r00/RMS-Runtime-Mobile-Security
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
spwn3r49sd3r00/scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
spwn3r49sd3r00/sj
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
spwn3r49sd3r00/stride-gpt
An AI-powered threat modeling tool that leverages OpenAI's GPT models to generate threat models for a given application based on the STRIDE methodology.
spwn3r49sd3r00/surf
Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
spwn3r49sd3r00/TokenFinder
Tool to extract powerful tokens from Office desktop apps memory
spwn3r49sd3r00/TrollStore-IPAs
A collection of IPA files from many different sources, for TrollStore!
spwn3r49sd3r00/VhostFinder
Identify virtual hosts by similarity comparison
spwn3r49sd3r00/YOURLS
🔗 The de facto standard self hosted URL shortener in PHP
spwn3r49sd3r00/ysoserial.net
Deserialization payload generator for a variety of .NET formatters