Pinned Repositories
AdvancedKeyHacks
API Key/Token Exploitation Made easy.
Amass
In-depth Attack Surface Mapping and Asset Discovery
AutoRecon
Simple shell script for automated domain recognition with some tools
awesome-bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian. Feel free to fork, and add your own tools.
aws-s3-data-finder
AWS S3 Sensitive Data Search
the-taj's Repositories
the-taj/Amass
In-depth Attack Surface Mapping and Asset Discovery
the-taj/bbht
A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
the-taj/BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
the-taj/Bucket-Flaws
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
the-taj/Bug-Bounty-Scripts
The scripts I write to help me on my bug bounty hunting
the-taj/BurpBounty
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
the-taj/CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
the-taj/Code-Crawler
Automatic tool used for crawling code to find low-hanging fruit vulnerabilities - Based on OWASP Secure Code Review Guide
the-taj/CVE-2020-9757
List of CVEs
the-taj/Emissary
Send notifications on different channels such as Slack, Telegram, Discord etc.
the-taj/GitGot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
the-taj/jaeles
The Swiss Army knife for automated Web Application Testing
the-taj/kenzer
a zulip chatbot (specializing in automated webapp bug hunting)
the-taj/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
the-taj/metabigor
Intelligence tool but without API key
the-taj/migration-notes
migration-notes
the-taj/Needle
Instant access to your bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
the-taj/Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
the-taj/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
the-taj/recon-my-way
This repository was created for personal use and added tools from my latest blog post.
the-taj/sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with different websites. A default list is already provided.
the-taj/Sn1per
Automated pentest framework for offensive security experts
the-taj/SourceWolf
Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
the-taj/sub404
A python tool to check subdomain takeover vulnerability
the-taj/SuperTruder
A python3 intruder that gave me bounties, easy to use and as fast as ffuf
the-taj/vulnrepo
VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted, security report maker, vulnerability report builder. Complete templates of issues, CWE, CVE, AES encryption, Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog and statistics, vulnerability management.
the-taj/watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
the-taj/WebHackersWeapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
the-taj/WebHackingNotes
RECON notes taken from every fucking book about bug bounty and web-app penetration testing that exists
the-taj/XRCross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities