earendel3301 Goto Github PK

403bypasser

awesomexss

Awesome XSS stuff

bug-bounty-wordlists

A repository that includes all the important wordlists used while bug hunting.

commix

Automated All-in-One OS Command Injection Exploitation Tool.

crlfsuite

The most powerful CRLF injection (HTTP Response Splitting) scanner.

feroxbuster

A fast, simple, recursive content discovery tool written in Rust. | directories status code checker

finalrecon

The Last Web Recon Tool You'll Need

fireprox

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation / used for ratelimit based on IP address bypass

freq

This is go CLI tool for send fast Multiple get HTTP request.

fuzz.txt

Potentially dangerous files

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

gf

A wrapper around grep, to help you grep for things

gf-patterns

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

github-search

Tools to perform basic search on GitHub.

httpx

A next generation HTTP client for Python. 🦋 HTTPX

inputscanner

scanning web applications for input points

jsonbee

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

kxss

This a adaption of tomnomnom's kxss tool with a different output format - testing and finding XSS

oneliner-bugbounty

A collection oneliner scripts for bug bounty

paramspider

Mining parameters from dark corners of Web Archives

qsreplace

Accept URLs on stdin, replace all query string values with a user-supplied value

seclists

LFI-SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

securitytesting

WAF bypass checklist Injections

ssrfire

An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects

subdomains.sh

A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.

takeover

Sub-Domain TakeOver Vulnerability Scanner

threatmapper

🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥

traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

uro

declutters url lists for crawling/pentesting - very good tool to test targets with alot of urls

wordlist

good collection of wordlists for fuzzing