Tarek's repositories
awesome-bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
BBTz
BBT - Bug Bounty Tools
bounty-targets
This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
clickjackin
Tool to test a list of urls for clickjacking vulnerability and returns results as screenshots
cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
github-search
Tools to perform basic search on GitHub.
Gxss
A tool to check a bunch of URLs that contain reflecting params.
interactsh
An OOB interaction gathering server and client library
JavascriptPracticeExamples
code from my youtube channel
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
kiterunner
Contextual Content Discovery Tool
lazyrecon
This script is intended to automate your reconnaissance process in an organized fashion
notify
Notify is a helper utility written in Go that allows you to pull results from burp collaborator instances and post them to Slack and Discord.
obsidian
Notes and writeups on CTFs (computer security competitions).
OneListForAll
Rockyou for web fuzzing
OpenRedireX
A Fuzzer for OpenRedirect issues
Parth
Heuristic Vulnerable Parameter Scanner
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
resolvers
List of periodically validated public DNS resolvers
S3Scanner
Scan for open S3 buckets and dump the contents
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
SecretFinder
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
testssl.sh
Testing TLS/SSL encryption anywhere on any port
weaponised-XSS-payloads
XSS payloads designed to turn alert(1) into P1