Bug Bounty Hunter that appears in your searches! Soz not Soz! Raise an Issue if you wish to contact me do not email me!
bruteforce-lists. Some files for bruteforcing certain things.
1.4kMy-Shodan-Scripts. Collection of Scripts for shodan searching stuff.
1.1kkeywords.
374Jira-Scan. CVE-2017-9506 - SSRF
192cve-2020-0688. cve-2020-0688
165ssrf-finder. Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
111AWS-Scanner. Scans a list of websites for Cloudfront or S3 Buckets
110bugbountydork. Bug Bounty Dork
72docker-ssh-honey. SSH Honey pot for docker
61mass-s3-bucket-tester. This tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable
54open-redirect. Open Redirect Finder.
53cloud-cidr. AWS,AZURE,GOOGLE CLOUD IP CIDRS
50metadata-one-liners. retrive metadata endpoint data with these one liners.
41kube-scan. Kubernetes Scanner
40mcp-web-browser. An advanced web browsing server for the Model Context Protocol (MCP) powered by Playwright, enabling headless browser interactions through a flexible, secure API.
27RPI-Control. Automated 433Mhz Control for Status Power Sockets using a Raspberry Pi
24grayhatwarfare-docs-finder. Finds Documents On Cloud Assets Using grayhatwarfare API for short urls
23liferay-pwn. Vuln Liferay scanner & Exploit
21frida-docker. Dockerised Version of Frida
21InfiniteWP-exploit. InfiniteWP Client < 1.9.4.5 - Authentication Bypass
21Hikvision-Brute-Force. Brute Force Hikvision Devices that only allow PIN passwords
20wheres-my-git. Wheres My Git - Find /.git/config files based on dirs found in home url
20AutoRecon. Simple shell script for automated domain recognition with some tools
20consul-pwn. Make a Consul Agent Grab Metadata endpoints
19wpa-cracking. Command List for Hashcat and default keyspaces.
17xssfinder. Toolset for detecting reflected xss in websites
16bash-hacks. little scripts of bash stuff that i've found handy.
16All-in-One-WP-Migration-Backup-Finder. All-in-One WP Migration-Backup-Finder
16hamachi-pi. Install hamachi on your raspberry pi
16mini-php-shells. Multiple Shells of the same code with different extentions.
15slurp. Enumerate S3 buckets via certstream, domain, or keywords
15S3-Listable. S3 Buckets that will let you list all files inside them
14s3-tko. AWS S3 Bucket Finder.
14aquatone-docker. Docker Version of Aquatone
14extract-m3u. Extract username and passwords from IPTV urls
13wpa-masshandshakeextract. Needed a way to filter all my pwnagotchi handshakes.
13yahoo-bug-bounty. List of hosts from yahoo.com
13rb-recon.
13Aircrack-NG_RaspberryPI. Installer for Aircrack-NG / Airoscript For Raspberry Pi
12wifite2-docker. Docker of Wifite2
12wayback-saver. Saves pages to Wayback machine
12SecretFinder. SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
12phpunit-brute. Tool to try multiple paths for PHPunit RCE CVE-2017-9841
11cve-2019-6715. Go
11angularjs-csti-scanner. Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
11jamf-log4j. Python
11CRLF-Injection-Scanner. Command line tool for testing CRLF injection on list of domains.
10Upnp-Exploiter. A Upnp exploitation tool.
10firebaseio-checker-go. Firebase url checker in go
10urlscan-search. urlscan.io search for domains
9BucketSnoop. A Firefox extension and WebSocket handler that checks s3 buckets while your browse.
9sms-command-server. Send a SMS to Control Your Linux Box
9firebaseio-checker. Checks a list of firebaseio to confirm they are working and have dev access to them
9GitGot. Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
9cve-2022-23131-exp. Zabbix SSO Bypass
8redirector. Redirects any request with which ever http status code you want to a location of your choice
8twando. Twitter Multi Account
8docker-massscan-webui. Masscan web gui
7selenium-abuser. Abuse Open Selenium Gird or Node to get access to metadata endpoint.
7