- Yorkshire, UK
- https://tomnomnom.com
- @tomnomnom.com
Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Hunt down social media accounts by username across social networks
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
CTF framework and exploit development library
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Scanning APK file for URIs, endpoints & secrets.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
An enterprise friendly way of detecting and preventing secrets in code.
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
File upload vulnerability scanner and exploitation tool.
A collection of custom security tools for quick needs.
SSRF (Server Side Request Forgery) testing resources
A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
Generates permutations, alterations and mutations of subdomains and then resolves them
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Index your Gmail Inbox with Elasticsearch



