a1k-ghaz1's repositories
40k-nuclei-templates
40,000+ Nuclei templates for security scanning and detection across diverse web applications and services
afrog
A Security Tool for Bug Bounty, Pentest and Red Teaming.
AM0N-Eye-REMOTE-PC-HACKING-
AM0N-Eye is the decompiled from Cobaltsetrike and has been modified and developed through several aggressor scripts & BOF is project based on a combination of different ideas and projects used by the threat actor where we observe a set of techniques to evasion EDR and AV while allowing the operator to continue using the tools
anew
A tool for adding new lines to files, skipping duplicates
Artemis
A modular web reconnaissance tool and vulnerability scanner.
awesome-osint
:scream: A curated list of amazingly awesome OSINT
CVE-2023-22527-confluence
[Confluence] CVE-2023-22527 realworld poc
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
cve-maker
Tool to find CVEs and Exploits.
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Dorks-collections-list
List of Github repositories and articles with list of dorks for different search engines
Fenjing
专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, design for CTF
GTFONow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
httpAlive
HttpAlive is a web probing tool designed for discovering alive subdomains and URLs, and it offers options for updating the tool, specifying input/output files, and adjusting concurrency and threading levels.
JS_waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
katana
A next-generation crawling and spidering framework.
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
naabu
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
osmedeus
A Workflow Engine for Offensive Security
rengine
reNgine is an automated reconnaissance framework for web applications wilocus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
sourcemapper
Extract JavaScript source trees from Sourcemap files
SploitScan
SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated proof-of-concept (PoC) exploits.
toxicache-web-cache-poisoning-
Go scanner to find web cache poisoning vulnerabilities in a list of URLs
WAF-payload
From Cloudflare to Imperva, Akamai, F5, Checkpoint, Fortinet
waymore
Find way more from the Wayback Machine!
webcopilot
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
WebSpy-find-origin-ip-behind-WAF-
Find IP of Websites Hidden Behind a Proxy in Real Time