attacker-codeninja's repositories
BucketLoot
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.
NucleiMonst3r
Nucleimonst3r is a powerful vulnerability scanner that provides red-teamers with quick and accurate results.
27-ways-to-bypass-2fa-otp
27 ways to bypass 2FA/otp
crt.sh
Crtsh Subdomain Enumeration | This bash script makes it easy to quickly save and parse the output from https://crt.sh website.
dastardly-github-action
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Do-It-Yourself-Web-Penetration-Testing
Do It Yourself! (DIY) Web Penetration Testing is a guideline for performing security test cases against web applications.
fuzz.txt
Potentially dangerous files
github-actions-goat
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
goctopus
Blazing fast GraphQL discovery & fingerprinting toolbox.
HEDnsExtractor
Raw HTML extractor for the Hurricane Electric portal
Hunt
Repository that contains a list of subdomains for bug bounty hunting
ios-reloader
The iOS Reloader is a weaponizing tool for jailbroken iOS devices. It facilitates the installation of a collection of tools on iOS devices (iPhone/iPad) that are essential for penetration testing purposes.
IOSSecuritySuite
iOS platform security & anti-tampering Swift library
LFI-FINDER
LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities.
listMin
Python script that can minimize/simplify wordlists using regular expressions.
noir
♠️ Noir is an attack surface detector from source code.
nuclei-wordfence-cve
You just found a hidden gem 💎
One-Liners2
A collection of awesome one-liners for bug bounty hunting.
saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
SecurityList
A list for Web Security and Code Audit
SubScanX
SubScanX is a powerful Python-based tool designed to help you quickly and accurately identify responsive subdomains from a given list. Whether you're a security researcher, a penetration tester, or a web developer, this tool is an indispensable asset for reconnaissance and vulnerability assessment.
Upload_Bypass
File upload restrictions bypass, by using different bug bounty techniques covered in Hacktricks.
VDP_Notify
A very simple bash loop I wrote to run a list of domains through subfinder to check for new subdomains, check to see if an http/https server is running with httpx, and run a basic vulnerability scan with nuclei before sending a notification via notify.
Vulnerabilities-Unmasked
This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand!
wordlist_builder
Best wordlist builder in town!
zWATCHER
"zwatcher is a lightweight bash script for monitoring domains or a list of domains. It compares HTTP status codes and content length to detect changes and notifies the user when any modifications occur. Easily keep track of your domains' health and security with zwatcher."