This is your work, valued

xer0dayz

Elite
@1N3

Founder of Sn1perSecurity LLC. Creator of Sn1per and SILENTCHAIN AI. Top 20 worldwide on @BugCrowd in 2016. OSCE/OSCP/CISSP/Security+

Sn1per. Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.

10k

IntruderPayloads. A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

4k

BruteX. Automatically brute force all services running on a target.

2.3k

Findsploit. Find exploits in local and online databases instantly

1.8k

BlackWidow. A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

1.8k

PrivEsc. A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

992

ReverseAPK. Quickly analyze and reverse engineer Android packages

865

Goohak. Automatically Launch Google Hacking Queries Against A Target Domain

740

Wordpress-XMLRPC-Brute-Force-Exploit. Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

499

MassBleed. MassBleed SSL Vulnerability Scanner

247

Exploits. Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

208

PRISM-AP. An automated Wireless RogueAP MITM attack framework.

191

XSSTracer. A small python script to check for Cross-Site Tracing (XST)

133

AttackSurfaceManagement. Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

105

HTTPoxyScan. HTTPoxy Exploit Scanner by 1N3 @CrowdShield

104

PowerExfil. A collection of data exfiltration scripts for Red Team assessments.

96

SuperMicro-Password-Scanner. Supermicro IPMI/BMC Cleartext Password Scanner

42

CloudHunter. Find unreferenced AWS S3 buckets which have CloudFront CNAME records pointing to them

36

1N3. Sr. Penetration Tester. Creator of Sn1per. Top 20 worldwide on @BugCrowd in 2016. OSCE/OSCP/CISSP/Security+

28

CTF-Writeups. CTF Writeups

16

forbidden. Bypass 4xx HTTP response status codes and more. Based on PycURL.

16

Sublist3r. Fast subdomains enumeration tool for penetration testers

14

gitGraber. gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

14

IPGeoLocation. Retrieve IP Geolocation information

14

Amass. In-depth Attack Surface Mapping and Asset Discovery

13

DirDar. DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

13

jexboss. JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

12

LinkFinder. A python script that finds endpoints in JavaScript files

10

massdns. A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

10

InfoSec-Black-Friday. All the deals for InfoSec related software/tools this Black Friday

9

CVE-2018-15473-Exploit. Exploit written in Python for CVE-2018-15473 with threading and export formats

8

rapiddns. Rapidly enumerate subdomains and domains using rapiddns.io.

7

github-endpoints. Find endpoints on GitHub.

3

slurp. S3 bucket enumerator

3