This is your work, valued
Father, hacker, blogger, gamer, & nerd. Bounty Hunter.
tbhm. The Bug Hunters Methodology
4.4kpentest-bookmarks. a collection of handy bookmarks
1.1kdomain. Setup script for Regon-ng
941awsScrape. A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.
237KingOfBugBountyTips.
199SecLists. SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
169SubreconGPT. Python
118bug-bounty-reference. Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
117scripts. Usefull stuff from around teh internetz
115CSPReconGO. Go
107HUNT. Python
105XSS.png. A XSS mind map ;)
89sslScrape. SSLScrape | A scanning tool for scaping hostnames from SSL certificates.
49LinkFinder. A python script that finds endpoints in JavaScript files
48lazyrecon. This script is intended to automate your reconnaissance process in an organized fashion
47can-i-take-over-xyz. "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
45CloudBrute. Awesome cloud enumerator
43ios_sh. ios source grepper
43sus_params. Python
42amass. In-depth DNS Enumeration and Network Mapping
36nuclei-templates. Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.
36system_prompts_leaks. Collection of extracted System Prompts from popular chatbots like ChatGPT, Claude & Gemini
34megplus. Automated reconnaissance wrapper — TomNomNom's meg on steroids.
33mywebappscripts. A collection of all the lists, scripts and techniques I use while doing web application penetration tests.
30asnrecon. ASN reconnaissance script
29Amass-1. In-depth Attack Surface Mapping and Asset Discovery
28pwnwiki.github.io. PwnWiki - The notes section of the pentesters mind.
27hackerone_wordlist. The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform
26bugcrowd-levelup-subdomain-enumeration. This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bucrowd LevelUp 2017 virtual conference
25LazyFuzzer. Ease-of-use extension for Web Application penetration testing
23massdns. A high-performance DNS stub resolver for bulk lookups
23deepdarkCTI. Collection of Cyber Threat Intelligence sources from the deep and dark web
22karma_v2. ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
20www-project-top-25-parameters. OWASP Foundation Web Respository
20security-template. A static website template for security pages.
19brutesubs. An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
19waybackunifier. See the history of a file from above
17ScanCannon. Combines the speed of masscan with the reliability and detailed enumeration of nmap
17research. Hello and welcome to my GitHub account. If you'd like to know more about me, this is likely the best place to start
16OWASP-VWAD. The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
16RustScan. 🤖 The Modern Port Scanner 🤖
16xssHunterExtension. Chrome Extension for XSS Hunter Payloads
14JSParser. Python
13GraphRunner. A Post-exploitation Toolset for Interacting with the Microsoft Graph API
13JS-Scan. a .js scanner, built in php. designed to scrape urls and other info
13disclose. Driving safety, simplicity, and standardization in vulnerability disclosure.
12TTSL. Tool to scrape LinkedIn
10nowafpls. Burp Plugin to Bypass WAFs through the insertion of Junk Data
9SecurityTools. A repo for collecting and organizing security tools of various types. As new ones come out, they get added to the list.
9meetup. ⭐️ Repositorio oficial de Angular Medellín ⭐️
8