whalebone7 Goto Github PK

awesome-hackerone-api-tools

A collection of hacker tools using HackerOne's API

bbscope

awesome tool.

bchecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition

blastinfire

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

bug_bounty_tools_and_methodology_letdoor

Bug Bounty Tools used on Twitch - Recon

byewaf

certsub

CertSub is a Bash command-line tool that extracts subdomains associated with a domain name. It uses crt.sh to perform a search and returns a sorted, unique list. It's useful for reconnaissance, identifying attack vectors, or gaining insight into subdomains.

cheatsheetthc

Collection of knowledge about information security

cloudsniffer

CloudSniffer is a powerful tool designed to aid in the discovery of the real IP address of a website protected by Cloudflare. It leverages brute force techniques by testing a list of IP addresses and analyzing the status codes returned by the server to uncover the actual IP address of the target website.

cve-2023-24489-poc

POC for CVE-2023-24489 with bash.

cvelooker

This light weight tool allows you to search for Common Vulnerabilities and Exposures (CVEs) based on a vulnerability keyword and an optional year filter.

cves

A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.

deepdarkcti

Collection of Cyber Threat Intelligence sources from the deep and dark web

dorking-pentestinghn

Automating the SQL/XSS Injection through GooglE/Github dorks for bug bounty

dorking_baby

https://www.nu11secur1ty.com

eagleeye

To filter the actual vulnerable URLs from the screenshots, you can use the ee.sh script. Simply run ./ee.sh -f "path/to/index_screenshot.txt" -k "hacked" and the script will filter the URLs that contain the reflective XSS payload (For Example: cPanel CVE-2023-29489 ) in their screenshots.

ffufmaster

Run ffuf with the appropriate options to brute-force the directories using the awesome different wordlists.

fuzz4bounty

1337 Wordlists for Bug Bounty Hunting

gitsniff

GitSniff searches for a specific keyword in the code of GitHub repositories using an access token, and reports back the repository name, owner, and path where the keyword was found. It is useful for bug bounty hunters to find vulnerable code and potential security issues in repositories.

google-dorks

Useful Google Dorks for WebSecurity and Bug Bounty

google-dorks-full_list

Approx 10.000 lines of Google dorks search queries - Use this for research purposes only

google_dork_list

Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff

gretire

hackability

Probe a rendering engine for vulnerabilities and other features

hackerone-reports

Top disclosed reports from HackerOne

hackvault

A container repository for my public web hacks!

hashhound

This Bash script retrieves SSL/TLS certificates associated with a specified company name and searches Censys for their SHA256 fingerprints. The results are saved to a file.

hernan_dorks

Shodan Dorks

hs

`hs` organizes subdomains into separate files based on their status codes and stores them in a "sorted" directory. It simplifies subdomain management and helps users quickly identify and access subdomains based on their respective status codes.

http-garden

Differential testing and fuzzing of HTTP servers and proxies