This is your work, valued
how-to-exit-vim. Below are some simple methods for exiting vim.
7.2khakrawler. Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
5.1khakrevdns. Small, fast tool for performing reverse DNS lookups en masse.
1.6kweaponised-XSS-payloads. XSS payloads designed to turn alert(1) into P1
1.4khakoriginfinder. Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
1.1khaktrails. Golang client for querying SecurityTrails API data
596hakip2host. hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
459hakcheckurl. Takes a list of URLs and returns their HTTP response codes
401bug-bounty-standards. A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.
237haklistgen. Turns any junk text into a usable wordlist for brute-forcing.
228hakscale. Distribute ordinary bash commands over many systems
164haktldextract. Extract domains/subdomains from URLs en masse
139hakfindinternaldomains. Feed it a list of subdomains, it will resolve them and tell you which ones are internal
91hakcron. Easily schedule commands to run multiple times at set intervals (like a cronjob, but with one command)
85hakq. A basic golang server/client for distributing tasks over multiple systems.
39hakrevshell. Shell
38dnstrace. DNS resolution tracing tool
37hakcertstream. Basic implementation of certstream to print new subdomains and domains
37hakstore. Go
30hakluke.
22Internal-Pentest-Playbook. Internal Network Penetration Test Playbook
20hakaxfr. Attempt zone transfers on domains
19haksecuritytxt. Takes a list of domains as the input, checks if they have a security.txt, outputs the results.
16hakcsp. Return domains in CSP headers in http response
16hakjoke. Gets joke from icanhazdadjoke.com, prints it
13payload-generator. PHP
12XSS. Xss payloads
11----svg-onload-alert---. jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
11theHarvester. E-mails, subdomains and names Harvester - OSINT
11helloworlds. hello world in different languages
10hacks. Repo of useful scripts
10hakawshostnames. Generate a list of all AWS hostnames
9Markdown-XSS-Payloads. XSS payloads for exploiting Markdown syntax
8tldextract. Extract root domain, subdomain name, and tld from a url, using the Public Suffix List.
8WindowsExploits. Windows exploits, mostly precompiled.
7hakurlencode. (en|de)code urls from the CLI
7SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
7nuclei-templates. Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.
6templates. Repository to house markdown templates for researchers
6Wappalyzer. Cross-platform utility that uncovers the technologies used on websites.
6gzipsplit. split lines of text into multiple gzip files
6gh-dork. Github dorking tool
5copy-excel-paste-markdown. Copy a table in Excel (or other spreadsheet programs) and paste it as a Markdown table
5webanalyze. Port of Wappalyzer (uncovers technologies used on websites) in Go to automate scanning.
4FakeKoala.
3fabric. fabric is an open-source framework for augmenting humans using AI.
2assetnote. Push notifications for passive DNS data
1anew. A tool for adding new lines to files, skipping duplicates
1