Pinned Repositories
BlastinFire
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
CertSub
CertSub is a Bash command-line tool that extracts subdomains associated with a domain name. It uses crt.sh to perform a search and returns a sorted, unique list. It's useful for reconnaissance, identifying attack vectors, or gaining insight into subdomains.
CveLooker
This light weight tool allows you to search for Common Vulnerabilities and Exposures (CVEs) based on a vulnerability keyword and an optional year filter.
EagleEye
To filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. Simply run ./ee.sh -f "path/to/index_screenshot.txt" -k "hacked" and the script will filter the URLs that contain the reflective XSS payload (For Example: cPanel CVE-2023-29489 ) in their screenshots.
FfufMaster
Run ffuf with the appropriate options to brute-force the directories using the awesome different wordlists.
GitSniff
GitSniff searches for a specific keyword in the code of GitHub repositories using an access token, and reports back the repository name, owner, and path where the keyword was found. It is useful for bug bounty hunters to find vulnerable code and potential security issues in repositories.
hackerone-reports
Top disclosed reports from HackerOne
hs
`hs` organizes subdomains into separate files based on their status codes and stores them in a "sorted" directory. It simplifies subdomain management and helps users quickly identify and access subdomains based on their respective status codes.
IP-checker
IP Checker is a Bash tool that checks if an IP address or a list of IP addresses in a file contains a specified keyword in its HTTP response. It is useful for bug bounty hunters and security researchers to quickly identify potential vulnerabilities in web applications. # It can also be ran against alive websites
Jsser
javascript bookmarklet that parses javascript loaded in the browser to find hidden links in them.
whalebone7's Repositories
whalebone7/CertSub
CertSub is a Bash command-line tool that extracts subdomains associated with a domain name. It uses crt.sh to perform a search and returns a sorted, unique list. It's useful for reconnaissance, identifying attack vectors, or gaining insight into subdomains.
whalebone7/kssti
This tool scans URLs for Server-Side Template Injection (SSTI) vulnerabilities by injecting specific values and checking if "4584996" appears in the response.
whalebone7/CVE-2023-24489-poc
POC for CVE-2023-24489 with bash.
whalebone7/Dorking-PenTestingHN
Automating the SQL/XSS Injection through GooglE/Github dorks for bug bounty
whalebone7/BChecks
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
whalebone7/BlastinFire
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
whalebone7/gretire
whalebone7/hackerone-reports
Top disclosed reports from HackerOne
whalebone7/Jsser
javascript bookmarklet that parses javascript loaded in the browser to find hidden links in them.
whalebone7/Bug_Bounty_Tools_and_Methodology_LetDoor
Bug Bounty Tools used on Twitch - Recon
whalebone7/cheatsheetTHC
Collection of knowledge about information security
whalebone7/deepdarkCTI
Collection of Cyber Threat Intelligence sources from the deep and dark web
whalebone7/dorking_baby
https://www.nu11secur1ty.com
whalebone7/fuzz4bounty
1337 Wordlists for Bug Bounty Hunting
whalebone7/google-dorks
Useful Google Dorks for WebSecurity and Bug Bounty
whalebone7/hernan_dorks
Shodan Dorks
whalebone7/http-garden
Differential testing and fuzzing of HTTP servers and proxies
whalebone7/http2smugl
whalebone7/jsql-injection
jSQL Injection is a Java application for automatic SQL database injection.
whalebone7/jwt-secrets
whalebone7/nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
whalebone7/One-Lineers
A collection of awesome one-liners for bug bounty hunting.
whalebone7/PackMyPayload
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
whalebone7/pegasus
Pegasus Workflow Management System - Automate, recover, and debug scientific computations.
whalebone7/Penetration-List_albusSec
Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-depth theory sections. Visit our Medium profile for more information.
whalebone7/PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
whalebone7/picker
whalebone7/wBroswer
This leight browser is hacker tweaked version of https://github.com/rahul2002m/Browser/blob/main/Browser.py, to allow burp interception.
whalebone7/Web-Security-Academy-Series_Rana_Notes
Thank you Rana Khalil
whalebone7/Web_Hacking_mehdi0x90
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.