UK

Robin Wood

Elite
@digininja

Hacker, coder, climber, runner. Co-founder of the SteelCon conference.

DVWA. Damn Vulnerable Web Application (DVWA)

13k

CeWL. CeWL is a Custom Word List Generator

2.7k

pipal. Pipal, THE password analyser

664

RSMangler. RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras.

234

nosqlilab. A lab for playing with NoSQL Injection

136

GitHunter. A tool for searching a Git repository for interesting content

107

authlab. A lab to play with authentication and authorisation problems

98

CloudStorageFinder. A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces

86

vuLnDAP. A vulnerable LDAP based web app written in Golang

83

leakyrepo. A repo which contains lots of things which it shouldn't

43

scanner_user_agents. A list of user agents belonging to common web scanners.

40

sitediff. Fingerprint a web app using local files as the fingerprint sources

39

twofi. Twitter Words of Interest - Generate word lists from twitter searches

31

svg_xss. Defending against XSS in SVG files

31

RSYaba. RSYaba Modular Brute Force Attacker

19

EyeWitness. EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

14

burp_collab_scripts. A set of scripts to help automate the management of Burp Collaborator

14

powershell_port_scanner. A port scanner written in PowerShell

13

pat_to_pass. Pat to Pass - Convert observed key presses to potential password lists

12

deleet. Take a word list and convert 1337 spellings back to normal

12

gin_tutorial. Learning to build web apps in Gin. Don't expect anything new or ground breaking, I'm just following tutorials.

9

cracked_flask. A very simple lab for cracking Flask session cookies

9

bearer_injection. A script to run with mitmproxy to inject a bearer token into every request.

9

go_practice. My practice Go files

7

SaveBrowsingImages. Extension for Burp to automatically save images to a file.

7

cachepoisoner. A lab to play with web cache poisoning

7

ots-cert-demo. Proof of concept code to go with my OTS Certificate blog post

6

typo_squatter. Suggest common typos to a given domain name which could be in use by typo squatters

5

theHarvester. E-mail, subdomain and people names harvester

4

DumbContracts. Learning and playing with Ethereum Smart Contracts

4

nikto. Nikto web server scanner

4

sockettome. A lab for security testing web sockets

3

nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.

3

testssl.sh. Testing TLS/SSL encryption anywhere on any port

2

openapi-generator. OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)

2

digininja. All about me!

2

screenshottigans. Screenshot Shenanigans

2

dnsrecon. DNS Enumeration Script

2

metasploit-framework. Metasploit Framework

2

the-blockchain-bar. The source-code for: "Build a Blockchain from Scratch in Go" eBook.

2

october_apache_test. A test for October CMS to see if Apache is setup correctly

1

JSONBee. A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

1

kb2severity. Lookup the MS severity for a given KB

1

thescum. This is an attempt to footprint all the trackers and profiling attempts used by numerous UK newspapers operating online, papers known for being liberal with the truth. It is a work in progress and the trackers listed here can also apply to other aspects of the web we use today.

1

ayfabtu. Scripts to extract files from SCM directories left on web servers

1

bambdas. Bambdas collection for Burp Suite Professional and Community.

1

sitemap2proxy. Take an XML sitemap and request all the URLs in it through your chosen proxy.

1

natlas. Scaling Network Scanning

1

CVE-2023-26258-ArcServe. Python

1

antfarm. Malware execution environment

1

go-git. A highly extensible Git implementation in pure Go.

1
51
Apply