chouaib H'm's repositories
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Android-PIN-Bruteforce
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
bruteforce-lists
Some files for bruteforcing certain things.
Bug-Bounty-Roadmaps
Bug Bounty Roadmaps
BugBounty
Bug Bounty stuffs, payloads, scripts, profiles, tips and tricks, ...
bugz-tools
A collection of tools I wrote for bug bounty or hacking and don't mind publishing it :smile:
CVE-2020-1472
Test tool for CVE-2020-1472
dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Dictionary-Of-Pentesting
渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
gal
Get all possible href | src | url from target url or domain
Gxss
Tool for checking reflecting Parameters in a URL.
h2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
hacks
A collection of hacks and one-off scripts
JSFScan.sh
Automation for javascript recon in bug bounty.
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
missionbot
Synack Mission claim Bot
mySapAdventures
A quick methodology on testing / hacking SAP Applications for n00bz and bug bounty hunters
NimScan
🚀 Fast Port Scanner 🚀
Oralyzer
Open Redirection Analyzer
ReconNotes
Just some public notes that can be useful and i want let the world knows.
redtool
日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种
rusty-hog
A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.
unew
A tool for append URLs, skipping duplicates & combine parameters.
VPS-Install
Quick script to install all the required tools over a VPS (tested on DEBIAN)
web-payloads
Payload Arsenal for Pentration Tester and Bug Bounty Hunters
XSRFProbe
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
XSS-Clientside-Attacks
A repository of JavaScript XSS attacks against client browsers