bbhunter's repositories
scripts
Useful stuff from around teh internetz
security_whitepapers
Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Wordlists-1
A collection of different useful wordlists for fuzzing,
virtualhost-payload-generator
BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.
ChromeBugBountyHelper
Chrome extension to detect interesting things while browsing website for Bug Bounty (or just for fun)
token-priv
Token Privilege Research
JS-Scan
A .js scanner built in PHP, designed to scrape URLs and other info
inquisitor
Opinionated organisation-centric OSINT footprinting inspired by recon-ng and Maltego
2017-BSidesLV-Modern-Recon
Materials related to the 2017 BSides Las Vegas presentation
pentest-bookmarks
a collection of handy bookmarks
PowerShell-for-Pentesters
PowerShell for Pentesters
bugcrowd-levelup-subdomain-enumeration
FORKED FROM https://github.com/jhaddix/bugcrowd-levelup-subdomain-enumeration. This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at the Bugcrowd LevelUp 2017 virtual conference
subbrute
A DNS meta-query spider that enumerates DNS records, and subdomains.
PentDroid
Pentdroid is a handy utility tool which helps automate the tedious APK operations required during Android app security assessments
web-security-basics
Web security concepts
sandcastle
🏰 A Python script for AWS S3 bucket enumeration.
ground-control
A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
google-dork
This will grab a random dork and then save the output to a text file
punycoder
A script to automatically list visually indistinguishable permutations of domain names using IDN and punycode.
pentesterlab-bootcamp
Writeup of what I'm learning with PentesterLab's Bootcamp
ticketmagpie
Demo of a webapp with flawed security, for training purposes
CVE-2017-5638
Apache Struts 2.0 RCE vulnerability - Allows an attacker to inject OS commands into a web application through the content-type header
490-pen-testing-tools
Penetration testing tools for CSCI 490
BiLE-suite
The Bi-directional Link Extractor.
SPSE
This is an automated tool collection written in Python for vulnerability assessment and exploitation. It also includes solutions to the SPSE (SecurityTube Python Scripting Expert) course problems. The SecurityTube Python Scripting Expert (SPSE) is an online certification which will help you gain mastery over Python scripting and its application to problems in computer and network security. I have taken this course from SecurityTube (http://www.securitytube-training.com/online-courses/securitytube-python-scripting-expert/index.html)
XSSJacking
Abusing Self-XSS and Clickjacking to trigger XSS
Unsafe-JAX-RS-Burp
Burp Suite extension for JAX-RS