This is your work, valued
altdns. Generates permutations, alterations and mutations of subdomains and then resolves them
2.5kenumXFF. Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
227bugbountydash. [depreciated] Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd
194little-doctor. 🔥🔥🔥 Out of the Browser into the Fire - Cross platform XSS worm framework 🔥🔥🔥
134fuzzdb. Automatically exported from code.google.com/p/fuzzdb
68websec-weekly. The databases, API's and managers behind https://websecweekly.org
50webappsec-toolkit. Web Application Security related tools. Includes backdoors, proof of concepts and tricks
37phishJS. Abusing trust boundaries to deliver effective phishing payloads
35CaptchaJackingPoC. Web security concept of CaptchaJacking Proof of Concept Code | Made very quickly, serves purely as a PoC only
16enumapis. Traverse JS files for APIs/Endpoints
1552-technologies-in-2016. Let's learn a new technology every week. A new technology blog every Sunday in 2016.
10bug-bounty-standards. A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.
9learning-c. A documentation of all the C code I write in University - encouraging myself to write better, and cleaner code
8PERS. A passive scanning tool for finding expired domain vulnerabilities while you browse.
8twofactorauth. List of popular sites and whether or not they accept two factor auth.
8sonar.js. A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.
7subfinder. Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
7heartdestroy. Multi-threaded, mass scanner for the Heartbleed vulnerability, in Python
7dirsearch. Web path scanner
7subbrute. A subdomain enumeration tool for penetration testers.
6ruxcon-talk.
5CNA-Registry. Public CNA Registry
5proxy.py. Lightweight HTTP Proxy Server in Python
5ActiveScanPlusPlus. ActiveScan++ Burp Suite Plugin
5gobuster. Directory/file & DNS busting tool written in Go
4GeoLite-mmdb-csv. MaxMind's GeoIP2 GeoLite2 Country, City, and ASN databases in MMDB and CSV format updated often
4domain. Setup script for Regon-ng
4sectalks. sectalks
4omgcatz. Source code for the latest version of omgcatz.com.
3voicemail-check. A small web app to check if your (Australian) voicemail is vulnerable to information disclosure.
3nanomebia_quote_generator. Just some me-me's
3xntrik_quote_generator. Shit xntrik Would Say
3csesoc-website. Python
3Ghost.py. Webkit based scriptable web browser for python.
2httpcomponents-client. Mirror of Apache HttpClient
2octopress. Octopress is an obsessively designed framework for Jekyll blogging. It’s easy to configure and easy to deploy. Sweet huh?
2meilisearch-go. Golang wrapper for the MeiliSearch API
1forte. A simple tool to help you manage your music playlists at events.
1next-netlify-starter. Hack
1gunicorn. gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.
1golang-book. Just my progressive attempts at the go-lang book.
1heartthreader. Massive testing anyone?
1