bthrx's repositories
exegol-image
Custom exegol image with some tools for Web app, Mobile, and API security testing.
0install-exegol
A bash script that will automatically install Bug Hunting tools used for recon, modified to work in Exegol
Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
android_app_security_checklist
Android App Security Checklist
awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions
awesome-google-vrp-writeups
🐛 A list of writeups from the Google VRP Bug Bounty program
deeplink-fuzz.sh
A Bash wrapper for radamsa that can be used to fuzz exported activities and deep links.
fabric
fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
get_schemas
Print out URL schemas from an Android app
gitleaks
Scan git repos (or files) for secrets using regex and entropy 🔑
L1B3RT45
J41LBR34K PR0MPT5
logseq-rss-reader-link-to-journal
Fork of logseq-rss-reader that automatically downloads the RSS feed to a page and links it to your daily journal based on the date.
logseq-todo-journal-edition
A forked version logseq-plugin-todo that gets rid of the task menu and just puts the tasks into your daily journal with the categories Today, Upcoming, and Anytime as headers.
MagiskBypassCertificateTransparencyError
This module configures the chrome flag --ignore-certificate-errors-spki-list, this bypasses the NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED cert error produced by Certificate Transparency (CT) introduced in Chrome v99
Marijuana.php-docker
Defanged Marijuana.php shell that originally sent an email out with server information to a specified email address which has been removed. One docker image has zero protection, and the other uses custom modsecurity WAF rules to prevent access to the shell. This version of marijuana.php comes from Malware Bazaar and was uploaded 2023-03-28 14:21.
MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
owasp-mstg
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
pastebin-scraper
Pastebin-scraper tool leverages the API of https://psbdmp.ws/ to find emails/domains dumped in pastebin.
Planchette
AI Tool for Testing Web App Vulnerabilities
reconftw-exegol
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
RegHex
A collection of regexes for every possbile use
RitualAutomaton
An interactive python to quickly set up an Emulated Android device for proxying traffic.
subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
wappalyzer-cli
Wappalyzer CLI tool to find Web Technologies
whatislife_enum
File system enumerator and monitor for Android and Ubuntu.
wordlists
Automated & Manual Wordlists provided by Assetnote