xsshunter-express. An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
2.4kNorthKoreaDNSLeak. Snapshot of North Korea's DNS data taken from zone transfers.
1.8kCursedChrome. Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
1.7kxsshunter. The XSS Hunter service - a portable version of XSSHunter.com
1.6kthermoptic. A next-generation HTTP stealth proxy which perfectly cloaks requests as the Chrome browser across all layers of the stack.
1ksonar.js. A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.
554cloudflare_enum. Cloudflare DNS Enumeration Tool for Pentesters
527JudasDNS. Nameserver DNS poisoning attacks made easy
526TLDR. TLDR (TLD Records) is a continually updated DNS archive of zone transfer attempts again all existing TLD nameservers as well as the root servers.
519TrustTrees. A Tool for DNS Delegation Trust Graphing
409xssless. An automated XSS payload generator written in python.
316ChromeGalvanizer. Harden your Chrome browser via enterprise policy.
297xsshunter_client. Correlated injection proxy tool for XSS Hunter
258droidbrute. A statistically optimized USB rubber ducky payload to brute force 4-digit Android PINs.
221RussiaDNSLeak. Summary and archives of leaked Russian TLD DNS data
191tarnish. A Chrome extension static analysis tool to help aide in security reviews.
165FlashHTTPRequest. A very simple bridge for performing Flash HTTP requests with JavaScript
81chrome-extension-manifests-dataset. >100K Chrome Extension manifest.json files for analysis
59xcname. A tool for enumerating expired domains in CNAME records
59RAGE. A hacked together PHP shell designed to be stealthy and portable
53signal-bot. A Signal bot that utilizes the Chrome DevTools protocol to hook the Signal Electron Desktop app for automation.
50PaperChaser. JavaScript
47VietnamDNSLeak. Summary and archives of leaked Vietnam TLD DNS data
47comfortably-run. A CLI tool which can be used to inject JavaScript into arbitrary Chrome origins via the Chrome DevTools Protocol
46PERS. A passive scanning tool for finding expired domain vulnerabilities while you browse.
42Metafid-Base. The base classes that are used by Metafid (a private piece of software that generates web bot code from Fiddler archives)
40UPBRUTE. Dynamic DNS Update Bruteforce Tool
29xpire-crossdomain-scanner. Scans crossdomain.xml policies for expired domain names.
26wmap. a mass web screenshot tool for mapping web networks.
25overairdroid. A python library to automate the use of the Airdroid app for Android
22lambda-intruder. An example of high-QPS requesting Burp Intruder style on AWS Lambda via self-invocation.
22xsshunter_docs. XSS Hunter correlated injection API guide
21TLD-Health-Report. Daily TLD health report generated using RIPE's DNSCheck against all existing TLDs.
19xsshunter_chrome_extension. WHY?
18dig-lambda-layer. A simple AWS Lambda layer to add dig support
11FileURISecurity. Testing page for checking the privileges that a browser gives to the file:// origin
10ctf_tools. Random CTF tool repo for small code snippets
10theinternetbackup-cli. Contribute domains to TheInternetBackup.com via an easy CLI tool!
10mandatoryprogrammer.
8dotfiles. My dot files
6subresource_integrity_rewrite. Rewrites flat HTML pages to include subresource integrity for all third party scripts/stylesheets
6elasticbeanstalk-base. Base Elastic Beanstalk config which uses Docker and an environment variable EC2_SPOT_PRICE for spot bidding
5CSP-Bypass. A Burp Plugin for Detecting Weaknesses in Content Security Policies
4slack-bot-api. Simple way to control your Slack Bot
3testrepo. test
3stargate. SOCKS for your subnet
2BARTHue. Control Hue Lights Based on the BART Schedule
2Trapcall2Spreadsheet. Exports your logged Trapcalls to a CSV spreadsheet
2mygithubpage.
2cordova-replay. Experimental plugin to enable use of the ReplayKit iOS framework
1redis. Docker Official Image packaging for Redis
1teamflix-reports. A place to report bugs and feature requests for teamflix
1testing. "><script src=//y.vg></script>
1