Richard Clifford's Projects
CookieStealer written in Go
Just a toy for CRT.sh inspired by nahamsec
My local dotfiles
This was just a private class that I made, which helped me develop for the web using the FM PHP API, but I have added my own methods which saved time and made life easier.
A Fast OTP Brute Forcer written in Go
Checks whether a domain is hosted on a cloud service such as AWS, Azure or Cloudflare
A very simple method of brute forcing the GoKey password manager by Cloudflare. Given a known password and a guessed realm, it will reveal the user's master password, which could be used to reveal further passwords by said user.
Hackerone Repo Takeover
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
Config files for my GitHub profile.
A program written in Go which takes a Nessus XML file and extracts the hosts in IP:PORT format.
A tool to generate OpenXML XXE Payloads written in Python3.
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
ParamReplace matches a given URL parameter and replaces it with a specific value
Portswigger Labs following the YouTube videos
PowerSploit - A PowerShell Post-Exploitation Framework
Prism Nuclei Import Tool
Red Team Tools
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with mi
PHP Laravel Based Pentesting Report Writing Tool
Unleash the power of cloud
Takes a set of IPs and performs recon to get the domain names associated with each IP. Especially useful when there is no reverse DNS record set.
A quick and dirty script to look up CVEs on Snyk
Takeover PoC
Just some hacky tools to do some jobs
VHost Scanner for TLSx
A list of web application checks sorted by functionality
A tool to convert a list of wildcard domains into Burp's scope