gau. Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
5ksubjs. Fetches javascript file from a list of URLS or subdomains.
856secretz. secretz, minimizing the large attack surface of Travis CI
327theftfuzzer. TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.
319230-OOB. An Out-of-Band XXE server for retrieving file contents over FTP.
185hacks. Repo of useful scripts
103cspparse. A tool to evaluate Content Security Policies.
71jenkinz. Retrieve the complete build history for every job ever created and executed on a given Jenkins instance.
67otxurls. Fetch known urls from AlienVault's Open Threat Exchange for given hosts
63brute53. A tool to bruteforce nameservers when working with subdomain delegations to AWS.
58DOD-Recon. Recon for Department of Defense HackerOne program
47research. miscellaneous security research stuff
38rickrolllogs. tool to rick roll access.logs
17reckdns. A kinda reckless dns resolver. Still under development.
16rlyCTF. rlyCTF (relay CTF) challenge to emulate real-world SSRF attacks.
10sslc2. Simple C&C example in assembly that retrieves commands from the Organizational Unit (OU) field in an SSL certificate
9lc.github.io. Information Security blog by Corben Leo @hacker_
7newsletter-code. Repository for any code I send out in newsletters.
7bugbountylink. URL Shortener using Flask & MySQL
7void. Throw distracting sites into the void on Mac
6upload-scanner. HTTP file upload scanner for Burp Proxy
6pfzf. fzf for yanking code/workspace context for LLM workflows.
5certspotter. Certificate Transparency Log Monitor
4ds_storescanner. A tool to scan for .DS_Store files on webservers
3ctf-dev. Various CTF's I've created over time
2zgrab2. Fast Go Application Scanner
2buz. Serverless multi-protocol + multi-destination event collection system.
1color. Color package for Go (golang)
1trufflehog. Find and verify credentials
1safewrite. simple golang library for safe/multi-threaded file writing
1