Paul McCarty's starred repositories
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups categorized by the nature of the bug
bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like HackerOne/Bugcrowd/Intigriti/etc.) that are eligible for reports
awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
HostHunter
HostHunter is a recon tool for discovering hostnames using OSINT techniques.
saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
github-subdomains
Find subdomains on GitHub.
simplehttpserver
Go alternative to Python's SimpleHTTPServer
hakip2host
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
GraphCrawler
GraphQL automated security testing toolkit
BypassFuzzer
Fuzz 401/403/404 pages for bypasses
Valid8Proxy
Tool designed for fetching, validating, and storing working proxies.
WebSecurity-Academy-with-Python
Scripts for solving WebSecurity Academy labs of PortSwigger using Python
actions-secrets
Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files, and more.
actions-sbom
A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!
gh-node-module-generatebom
GitHub action to generate a CycloneDX SBOM for Node.js
actions-abom
SecureStack Application Bill of Materials (ABOM/SBOM)
waf_tester
Web Application Firewall Test Script
commit-audit
Shell script that checks if git commits are signed
graphql-security-labs
GraphQL security hands-on workshop