Australia

Luke Stephens (hakluke)

Elite
@hakluke

hacker

how-to-exit-vim. Below are some simple methods for exiting vim.

7.2k

hakrawler. Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

5.1k

hakrevdns. Small, fast tool for performing reverse DNS lookups en masse.

1.6k

weaponised-XSS-payloads. XSS payloads designed to turn alert(1) into P1

1.4k

hakoriginfinder. Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

1.1k

haktrails. Golang client for querying SecurityTrails API data

596

hakip2host. hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

459

hakcheckurl. Takes a list of URLs and returns their HTTP response codes

401

bug-bounty-standards. A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.

237

haklistgen. Turns any junk text into a usable wordlist for brute-forcing.

228

hakscale. Distribute ordinary bash commands over many systems

164

haktldextract. Extract domains/subdomains from URLs en masse

139

hakfindinternaldomains. Feed it a list of subdomains, it will resolve them and tell you which ones are internal

91

hakcron. Easily schedule commands to run multiple times at set intervals (like a cronjob, but with one command)

85

hakq. A basic golang server/client for distributing tasks over multiple systems.

39

hakrevshell. Shell

38

dnstrace. DNS resolution tracing tool

37

hakcertstream. Basic implementation of certstream to print new subdomains and domains

37

hakstore. Go

30

hakluke.

22

Internal-Pentest-Playbook. Internal Network Penetration Test Playbook

20

hakaxfr. Attempt zone transfers on domains

19

haksecuritytxt. Takes a list of domains as the input, checks if they have a security.txt, outputs the results.

16

hakcsp. Return domains in CSP headers in http response

16

hakjoke. Gets joke from icanhazdadjoke.com, prints it

13

payload-generator. PHP

12

XSS. Xss payloads

11

----svg-onload-alert---. jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

11

theHarvester. E-mails, subdomains and names Harvester - OSINT

11

helloworlds. hello world in different languages

10

hacks. Repo of useful scripts

10

hakawshostnames. Generate a list of all AWS hostnames

9

Markdown-XSS-Payloads. XSS payloads for exploiting Markdown syntax

8

tldextract. Extract root domain, subdomain name, and tld from a url, using the Public Suffix List.

8

WindowsExploits. Windows exploits, mostly precompiled.

7

hakurlencode. (en|de)code urls from the CLI

7

SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

7

nuclei-templates. Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

6

templates. Repository to house markdown templates for researchers

6

Wappalyzer. Cross-platform utility that uncovers the technologies used on websites.

6

gzipsplit. split lines of text into multiple gzip files

6

gh-dork. Github dorking tool

5

copy-excel-paste-markdown. Copy a table in Excel (or other spreadsheet programs) and paste it as a Markdown table

5

webanalyze. Port of Wappalyzer (uncovers technologies used on websites) in Go to automate scanning.

4

FakeKoala.

3

fabric. fabric is an open-source framework for augmenting humans using AI.

2

assetnote. Push notifications for passive DNS data

1

anew. A tool for adding new lines to files, skipping duplicates

1
48
Apply