Pinned Repositories
BlastinFire
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
CertSub
CertSub is a Bash command-line tool that extracts subdomains associated with a domain name. It uses crt.sh to perform a search and returns a sorted, unique list. It's useful for reconnaissance, identifying attack vectors, or gaining insight into subdomains.
CveLooker
This lightweight tool allows you to search for Common Vulnerabilities and Exposures (CVEs) based on a vulnerability keyword and an optional year filter.
EagleEye
To filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. Simply run `./ee.sh -f "path/to/index_screenshot.txt" -k "hacked"` and the script will filter the URLs that contain the reflective XSS payload (for example, cPanel CVE-2023-29489) in their screenshots.
FfufMaster
Run ffuf with the appropriate options to brute-force the directories using the awesome different wordlists.
GitSniff
GitSniff searches for a specific keyword in the code of GitHub repositories using an access token, and reports back the repository name, owner, and path where the keyword was found. It is useful for bug bounty hunters to find vulnerable code and potential security issues in repositories.
hackerone-reports
Top disclosed reports from HackerOne
hs
`hs` organizes subdomains into separate files based on their status codes and stores them in a "sorted" directory. It simplifies subdomain management and helps users quickly identify and access subdomains based on their respective status codes.
IP-checker
IP Checker is a Bash tool that checks if an IP address or a list of IP addresses in a file contains a specified keyword in its HTTP response. It is useful for bug bounty hunters and security researchers to quickly identify potential vulnerabilities in web applications. It can also be run against alive websites.
Jsser
JavaScript bookmarklet that parses JavaScript loaded in the browser to find hidden paths.
whalebone7's Repositories
whalebone7/CertSub
CertSub is a Bash command-line tool that extracts subdomains associated with a domain name. It uses crt.sh to perform a search and returns a sorted, unique list. It's useful for reconnaissance, identifying attack vectors, or gaining insight into subdomains.
whalebone7/kssti
This tool scans URLs for Server-Side Template Injection (SSTI) vulnerabilities by injecting specific values and checking if "4584996" appears in the response.
whalebone7/Dorking-PenTestingHN
Automating SQL/XSS injection through Google/GitHub dorks for bug bounty
whalebone7/Web_Hacking_mehdi0x90
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
whalebone7/BChecks
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
whalebone7/gretire
whalebone7/hackerone-reports
Top disclosed reports from HackerOne
whalebone7/Jsser
JavaScript bookmarklet that parses JavaScript loaded in the browser to find hidden paths.
whalebone7/aa
Lotsec coffin bsqli tool
whalebone7/aem-hacker
whalebone7/Awesome-Azure-Pentest
A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform Azure.
whalebone7/bounty-targets-data__
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
whalebone7/cero__
Scrape domain names from SSL certificates of arbitrary hosts
whalebone7/fuzz4bounty
1337 Wordlists for Bug Bounty Hunting
whalebone7/H1-Scopy__
Hackerone API Integration
whalebone7/http-garden
Differential testing and fuzzing of HTTP servers and proxies
whalebone7/http2smugl
whalebone7/jsql-injection
jSQL Injection is a Java application for automatic SQL database injection.
whalebone7/jwt-secrets
whalebone7/nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
whalebone7/pegasus
Pegasus Workflow Management System - Automate, recover, and debug scientific computations.
whalebone7/Penetration-List_albusSec
Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-depth theory sections. Visit our Medium profile for more information.
whalebone7/PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
whalebone7/picker
whalebone7/publications___
Several documents for security research
whalebone7/scrapts
Scrapts Scrapts Scrapts
whalebone7/shodan-dorks__
Shodan Dorks
whalebone7/ultimate
huge csv from trickest
whalebone7/wBroswer
This light browser is a hacker-tweaked version of https://github.com/rahul2002m/Browser/blob/main/Browser.py, to allow Burp interception.
whalebone7/Web-Security-Academy-Series_Rana_Notes
Thank you Rana Khalil