hariyopmail Goto Github PK

2tearsinabucket

Enumerate s3 buckets for a specific target.

3klcon

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

apk_api_key_extractor

Automatically extracts API Keys from APK files

arl

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

asuraframework

Asura Framework 是我们在实际使用过程中，抽取出来的公共组件

awesome-bbht

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain. Feel free to fork, and add your own tools.

awesome-burp-suite

Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.

awesome-oneliner-bugbounty

A collection of awesome one-liner scripts especially for bug bounty tips.

awesome-regex

A curated collection of awesome Regex libraries, tools, frameworks and software

awesome-social-engineering

A curated list of awesome social engineering resources.

awesome-web-security

:notebook: Some notes and impressive articles of Web Security

awvs-decode

The best and easiest way to decode and repack AWVS scripts. AWVS 最好、最简单、最新的解码/再打包方法，仅15行代码！

bash-hacks

Handy bash and python scripts for bug bounty hunting!

basic-knowledge-requirements-for-cybersecurity-and-hacking

Basic knowledge requirements for cybersecurity and hacking copied from ‪@hackermaderas ‬

bb-reports-templates

My small collection of reports templates

become-a-penetration-tester

A Collection Of Penetration Testing Resources

blue_eye

Blue Eye is a python Recon Toolkit script. It shows ports and headers. Subdomain resolves to the IP addresses, company email addresses and much more ..! Author: Jolanda de Koff

bug-bounty-oneliners

Oneliners curated from my experience and from the internet

bug-bounty-wordlists

A repository that includes all the important wordlists used while bug hunting.

bugbounty_bash_scripts

Scripts for automating some recon tasks for bug bounty

bugbountytip

burpregexps

Regexps for recon anddetecting Vulns by Burp( community | Pro ) version

burpsuite-collections

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

cansina

Web Content Discovery Tool

cerberus

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

cheatsheets

Random pentest notes and tools. Use your Ctrl-F to navigate around

cloudflare-real-ip

This script find the server or public IP address used by cloudflare's spoofing

cmseek

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

cobra

Source Code Security Audit (源代码安全审计)

crawleet

Web Recon & Exploitation Tool.