OffXec

followers

following

stars

@SecureAxis

Remote, lol.

OffXec's repositories

TheDoc

TheDoc is a simple but very useful SQLMAP automator with built in admin finder, hash cracker(using hashca) and more!

Language:Shell98 10 1

Samurai

Samurai Email Discovery - SED is a email discovery framework that grabs emails via google dork, company name, or domain name.

Language:Shell81 8 1

infog

Information Gathering Tool

Language:ShellGPL-3.032 40

fastssh

Fast SSH Scan and BruteForcer for most common credentials.

Language:ShellGPL-3.02000

brutecms

Multi-threaded CMS BruteForcer to WordPress, Joomla, Drupal, OpenCart

Language:ShellGPL-3.018 30

botsql

Bot that uses Atscan and Sqlmap to perform scan and exploit sql vulns

Language:ShellGPL-3.07 10

metasploit-framework

Metasploit Framework

Language:RubyNOASSERTION100

My-Shodan-Scripts

Collection of Scripts for shodan searching stuff.

Language:PythonMIT100

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Language:PHPMIT1 10

AutoSQLi

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

Language:Python010

BinGoo

BinGoo! A Linux bash based Bing and Google Dorking Tool

Language:Shell000

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

CC-BY-SA-4.0000

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

010

commix

Automated All-in-One OS command injection and exploitation tool.

Language:PythonNOASSERTION000

dnsenum

dnsenum is a perl script that enumerates DNS information

Language:Perl010

facebash

Facebook Brute Forcer in shellscript using TOR

Language:ShellGPL-3.0010

fakey

Lil trollzy bash script.

Language:Shell010

hawkeye

Hawkeye filesystem analysis tool

Language:GoMIT000

instashell

Multi-threaded Instagram Brute Forcer without password limit

Language:ShellGPL-3.0000

JCS

Joomla Vulnerability Component Scanner

Language:C#000

jexboss

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Language:PythonNOASSERTION000

proxify

A python module for dumping usable proxies.

Language:PythonGPL-3.0010

pure-bash-bible

📖 A collection of pure bash alternatives to external processes.

Language:ShellMIT000

relative-url-extractor

A small tool that extracts relative URLs from a file.

Language:Ruby010

sqli-labs

SQLI labs to test error based, Blind boolean based, Time based.

Language:PHP000

sqliv

massive SQL injection vulnerability scanner

Language:PythonGPL-3.0000

SubOver

A Powerful Subdomain Takeover Tool

Language:GoBSD-2-Clause000

tweets_analyzer

Tweets metadata scraper & activity analyzer

Language:PythonGPL-3.0000

WebGoat.NET

OWASP WebGoat.NET

Language:C#000

XSStrike

XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator

Language:PythonMIT000