Australia

Shubs

Elite
@infosec-au

halcyon

altdns. Generates permutations, alterations and mutations of subdomains and then resolves them

2.5k

enumXFF. Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions

227

bugbountydash. [depreciated] Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd

194

little-doctor. 🔥🔥🔥 Out of the Browser into the Fire - Cross platform XSS worm framework 🔥🔥🔥

134

fuzzdb. Automatically exported from code.google.com/p/fuzzdb

68

websec-weekly. The databases, API's and managers behind https://websecweekly.org

50

webappsec-toolkit. Web Application Security related tools. Includes backdoors, proof of concepts and tricks

37

phishJS. Abusing trust boundaries to deliver effective phishing payloads

35

CaptchaJackingPoC. Web security concept of CaptchaJacking Proof of Concept Code | Made very quickly, serves purely as a PoC only

16

enumapis. Traverse JS files for APIs/Endpoints

15

52-technologies-in-2016. Let's learn a new technology every week. A new technology blog every Sunday in 2016.

10

bug-bounty-standards. A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.

9

learning-c. A documentation of all the C code I write in University - encouraging myself to write better, and cleaner code

8

PERS. A passive scanning tool for finding expired domain vulnerabilities while you browse.

8

twofactorauth. List of popular sites and whether or not they accept two factor auth.

8

sonar.js. A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.

7

subfinder. Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

7

heartdestroy. Multi-threaded, mass scanner for the Heartbleed vulnerability, in Python

7

dirsearch. Web path scanner

7

subbrute. A subdomain enumeration tool for penetration testers.

6

ruxcon-talk.

5

CNA-Registry. Public CNA Registry

5

proxy.py. Lightweight HTTP Proxy Server in Python

5

ActiveScanPlusPlus. ActiveScan++ Burp Suite Plugin

5

gobuster. Directory/file & DNS busting tool written in Go

4

GeoLite-mmdb-csv. MaxMind's GeoIP2 GeoLite2 Country, City, and ASN databases in MMDB and CSV format updated often

4

domain. Setup script for Regon-ng

4

sectalks. sectalks

4

omgcatz. Source code for the latest version of omgcatz.com.

3

voicemail-check. A small web app to check if your (Australian) voicemail is vulnerable to information disclosure.

3

nanomebia_quote_generator. Just some me-me's

3

xntrik_quote_generator. Shit xntrik Would Say

3

csesoc-website. Python

3

Ghost.py. Webkit based scriptable web browser for python.

2

httpcomponents-client. Mirror of Apache HttpClient

2

octopress. Octopress is an obsessively designed framework for Jekyll blogging. It’s easy to configure and easy to deploy. Sweet huh?

2

meilisearch-go. Golang wrapper for the MeiliSearch API

1

forte. A simple tool to help you manage your music playlists at events.

1

next-netlify-starter. Hack

1

gunicorn. gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.

1

golang-book. Just my progressive attempts at the go-lang book.

1

heartthreader. Massive testing anyone?

1
42
Apply