Hacker, coder, climber, runner. Co-founder of the SteelCon conference.
DVWA. Damn Vulnerable Web Application (DVWA)
13kCeWL. CeWL is a Custom Word List Generator
2.7kpipal. Pipal, THE password analyser
664RSMangler. RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras.
234nosqlilab. A lab for playing with NoSQL Injection
136GitHunter. A tool for searching a Git repository for interesting content
107authlab. A lab to play with authentication and authorisation problems
98CloudStorageFinder. A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces
86vuLnDAP. A vulnerable LDAP based web app written in Golang
83leakyrepo. A repo which contains lots of things which it shouldn't
43scanner_user_agents. A list of user agents belonging to common web scanners.
40sitediff. Fingerprint a web app using local files as the fingerprint sources
39twofi. Twitter Words of Interest - Generate word lists from twitter searches
31svg_xss. Defending against XSS in SVG files
31RSYaba. RSYaba Modular Brute Force Attacker
19EyeWitness. EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
14burp_collab_scripts. A set of scripts to help automate the management of Burp Collaborator
14powershell_port_scanner. A port scanner written in PowerShell
13pat_to_pass. Pat to Pass - Convert observed key presses to potential password lists
12deleet. Take a word list and convert 1337 spellings back to normal
12gin_tutorial. Learning to build web apps in Gin. Don't expect anything new or ground breaking, I'm just following tutorials.
9cracked_flask. A very simple lab for cracking Flask session cookies
9bearer_injection. A script to run with mitmproxy to inject a bearer token into every request.
9go_practice. My practice Go files
7SaveBrowsingImages. Extension for Burp to automatically save images to a file.
7cachepoisoner. A lab to play with web cache poisoning
7ots-cert-demo. Proof of concept code to go with my OTS Certificate blog post
6typo_squatter. Suggest common typos to a given domain name which could be in use by typo squatters
5theHarvester. E-mail, subdomain and people names harvester
4DumbContracts. Learning and playing with Ethereum Smart Contracts
4nikto. Nikto web server scanner
4sockettome. A lab for security testing web sockets
3nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
3testssl.sh. Testing TLS/SSL encryption anywhere on any port
2openapi-generator. OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
2digininja. All about me!
2screenshottigans. Screenshot Shenanigans
2dnsrecon. DNS Enumeration Script
2metasploit-framework. Metasploit Framework
2the-blockchain-bar. The source-code for: "Build a Blockchain from Scratch in Go" eBook.
2october_apache_test. A test for October CMS to see if Apache is setup correctly
1JSONBee. A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
1kb2severity. Lookup the MS severity for a given KB
1thescum. This is an attempt to footprint all the trackers and profiling attempts used by numerous UK newspapers operating online, papers known for being liberal with the truth. It is a work in progress and the trackers listed here can also apply to other aspects of the web we use today.
1ayfabtu. Scripts to extract files from SCM directories left on web servers
1bambdas. Bambdas collection for Burp Suite Professional and Community.
1sitemap2proxy. Take an XML sitemap and request all the URLs in it through your chosen proxy.
1natlas. Scaling Network Scanning
1CVE-2023-26258-ArcServe. Python
1antfarm. Malware execution environment
1go-git. A highly extensible Git implementation in pure Go.
1