Port_Authority. Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.
370MailFail. MailFail identifies and provides commands to exploit a large number of email-related misconfigurations for the current domain and subdomain. The extensions UI popup highlights any misconfigurations in red and links to the supporting documentation.
89postMessage-tracker-firefox. A Firefox Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
28Monero-Dataset-Pipeline. A pipeline that automates the creation and transaction of monero wallets used to collect a dataset suitable for supervised learning applications.
12CSP-B-Gone. Check the CSP of the current website against a list of known bypasses.
8LinkHub. This program takes in the Html of an organization's employee page on LinkedIn, parses all the profiles, validates the accounts on GitHub, and searches for any security issue in all GitHub repos, leading to information useful for a bug bounty of the original organization.
7Quantum-Key-Distribution-BB84. BB84 and quantum based key distribution is that two parties can use its ideas to securely exchange a symmetric encryption key over the public channel without sharing any prior information with each other. The only pre-requisite is that aside from the quantum communication channel over which the qubits will be transferred, there must exist a classic communication channel between them as well. Both of these channels can be public.
6NOAuth. Identify OAuth flows and vulnerabilities
6XSS-Canary-Callback. A lightweight Flask application designed to receive and log XSS Canary alerts, then display them on a secure, real‑time dashboard.
4Monero-Transaction-Fee-Dataset. This script queries the Monero block explorer API to retrieve transaction fee information for a specified amount of txs and saves the data to disk.
3JSONPeek. Passively identify JSONP endpoints as you browse with the ability to send suspected endpoints to an exploit server for validation.
3S3BucketList. Chrome extension that lists Amazon S3 Buckets while browsing
2Fragment. A simple browser extension to include single-page application pages in your Caido or Burp Suite sitemap.
2CSP-Evaluator-Firefox. This is a super simple port of the CSP-Evaluator chrome extension to work with Firefox. The chrome extension is built off of the CSP Evaluator core library. All credit goes to Lukas Weichselbaum
2WellKnown. A Chrome extension that checks the current domain for well-known endpoints and displays them.
2merryGoRound. Example of how to build a HTTP Client with rotating IPs
2Deep-Torch-Fingerprinting. A port from the deep fingerprinting model to PyTorch
2page-fetch. Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values
1FindSomething. JavaScript
1SHAME_Model_PoC. A proof of concept attack against Amazon Alexa and Google Home devices using the SHAME model
1SHAME_Model_Fingerprinting_Smart_Assistants. A state-of-the-art attack against Google Home and Amazon Alexa devices, allowing an attacker on a network to determine the questions and commands asked to such a device without overhearing the conversation.
1