Republic of Korea

HAHWUL

Elite
@hahwul

Offensive Security Engineer, Developer and H4cker.

dalfox. πŸŒ™πŸ¦Š Dalfox is a powerful open-source XSS scanner and utility focused on automation.

5.1k

WebHackersWeapons. βš”οΈ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

4.9k

DevSecOps. ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

2.1k

XSpear. πŸ”± Powerfull XSS Scanning and Parameter analysis tool&gem

1.4k

MobileHackersWeapons. Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

1.3k

jwt-hack. JSON Web Token Hack Toolkit

1k

a2sv. Auto Scanning to SSL Vulnerability

636

authz0. πŸ”‘ Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

429

mad-metasploit. Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

407

droid-hunter. (deprecated) Android application vulnerability analysis and Android pentest tool

310

metasploit-autopwn. db_autopwn plugin of metasploit

273

urx. Extracts URLs from OSINT Archives for Security Insights

188

deadfinder. πŸ΄β€β˜ οΈ Find dead-links (broken links)

179

RegexPassive. πŸ”­ Collection of regexp pattern for security passive scanning

116

mzap. ⚑️ Multiple target ZAP Scanning

111

hack-pet. 🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

111

XSS-Payload-without-Anything. XSS Payload without Anything.

108

s3reverse. The format of various s3 buckets is convert in one format. for bugbounty and security testing.

89

gee. 🏡 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go

87

websocket-connection-smuggler. websocket-connection-smuggler

68

gitls. πŸ–‡ Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

56

ws-smuggler. WebSocket Connection Smuggler

47

ras-fuzzer. RAS(RAndom Subdomain) Fuzzer

43

goyo. A simplicity and clean documentation theme

38

MemBi. All the members of bugbounty and infosec. If you don't know who to follow, see!

36

xssmaze. XSSMaze is a web service designed to test and improve the performance of security testing tools by providing various cases of XSS vulnerabilities.

35

backbomb. πŸ’£ Dockerized penetration-testing/bugbounty/app-sec testing environment

35

hbxss. Security test tool for Blind XSS

27

action-dalfox. XSS scanning with Dalfox on Github-action

26

recon-raven. Reconnaissance tool of Penetration test & Bug Bounty

26

OmniOAST. Unify your OAST provider management and consolidate all interactions into a single, streamlined workflow.

25

assets.hahwul.com. assets for www.hahwul.com

24

fuzzstone. My fuzz repo!

23

vais. SWF Vulnerability & Information Scanner

19

volt. ⚑ Golang library for quick make pentest tools

16

awesome-oneliner-bugbounty. A collection of awesome one-liner scripts especially for bug bounty tips.

16

can-i-protect-xss. Everything about xss protection technology

15

hahwul. about me!

14

raven. Automation Hacking & Penetration Testing Suite

12

mcp-hack. MCP(Model Context Protocol) Hack Toolkit

11

vunlink. Auto Web Vulnerability Scanning Framework

11

xss-cheatsheet-data. This repository contains all the XSS cheatsheet data to allow contributions from the community.

11

websocket-connection-smuggling-go. websocket-connection-smuggling write in go

10

AutoSploit. Automated Mass Exploiter

10

crawlergo. A powerful browser crawler for web vulnerability scanners

10

PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF

9

zest-env. πŸ‹ Zest CLI Environment

9

awesome-zap-extensions. A curated list of amazingly awesome ZAP Extensions

8

urlgrab. A golang utility to spider through a website searching for additional links.

8

golang-developer-roadmap. Roadmap to becoming a Go developer in 2020

8

IntruderPayloads. A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

7

cyclonedx-cr. A Crystal tool for generating CycloneDX Software Bill of Materials (SBOM) from Crystal shard projects.

6

homebrew-dalfox. Ruby

6

hetty. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.

6

proxify. Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.

6

heroku-buildpack-firefox. Heroku buildpack for Firefox with geckodriver

5

rings. Ruby

4

homebrew-backbomb. backbomb homebrew repository

4
58
Apply