bugbaba

followers

following

stars

Kobe

https://bugbaba.blogspot.com

Noman | نعمان | नोमान's starred repositories

dive

A tool for exploring each layer in a docker image

Language:GoMIT44706 358 321

ffuf

Fast web fuzzer written in Go

Language:GoMIT11918 157 502

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Language:GoMIT7204 81 587

slack-term

Slack client for your terminal

Language:GoMIT6410 75 232

pspy

Monitor linux processes without root permissions

Language:GoGPL-3.04755 51 12

keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

shhgit

Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

Language:JavaScriptMIT3807 63 65

GitTools

A repository with 3 tools for pwn'ing websites with .git repositories available

Language:ShellMIT3782 89 25

gau

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Language:GoMIT3742 48 98

LinkFinder

A python script that finds endpoints in JavaScript files

Language:PythonMIT3573 64 81

httprobe

Take a list of domains and probe for working HTTP and HTTPS servers

Language:GoMIT2779 46 46

Cr3dOv3r

Know the dangers of credential reuse attacks.

Language:PythonMIT1994 101 57

dvcs-ripper

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

Language:PerlGPL-2.01662 52 18

x8

Hidden parameters discovery suite

Language:RustGPL-3.01617 23 51

meg

Fetch many paths for many hosts - without killing the hosts

Language:GoMIT1566 36 61

My-Shodan-Scripts

Collection of Scripts for shodan searching stuff.

Language:PythonMIT1046 45 2

clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

Language:PythonApache-2.0965 12 61

webanalyze

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Language:GoMIT915 14 52

getJS

A tool to fastly get all javascript sources/files

Language:GoMIT644 10 9

urldedupe

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Language:C++MIT307 6 8

armada

A high performance TCP SYN port scanner.

Language:RustNOASSERTION305 6 17

awesome-attack-surface-monitoring

Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.

jolokia-exploitation-toolkit

jolokia-exploitation-toolkit

Language:Python274 50

leaky-repo

Benchmarking repo for secrets scanning

Language:PythonMIT220 9 1

goaltdns

A permutation generation tool written in golang

Language:GoMIT202 10 4

CollabOzark

CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.

Language:PHP136 7 1

deepsecrets

Secrets scanner that understands code

Language:PythonMIT116 4 4

WhereToGo

WhereToGo - is a list of popular services that might be used in organizations. By having an account of the user - you can try to find entry points to the organization data.

spring-boot-actuator-h2-rce

Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database

Language:Java103 3 1

fresh.py

An efficient multi-threaded DNS resolver validator

Language:Python81 3 1