cmscardoso's repositories
amass
In-depth subdomain enumeration written in Go
Arjun
Arjun is a python script for finding hidden GET & POST parameters.
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
AwesomeXSS
Awesome XSS stuff
bb-reports-templates
My small collection of reports templates
bfac
BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.
broken-link-checker
Find broken links, missing images, etc in your HTML.
bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
components
An easier way to build applications with cloud services. –
ctfr
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Decodify
It can detect and decode encoded strings, recursively.
goGetBucket
A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
Infosec_Reference
An Information Security Reference That Doesn't Suck
IntruderPayloads
A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
LFISuite
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
LinkFinder
A python script that finds endpoints in JavaScript files
majestic.py
Parsing the top n websites (rank and domain) from the majestic.com project
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
pentest-tools
Custom pentesting tools
psychoPATH
psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator, payload export.
pyt
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
SleuthQL
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
Sn1per
Automated Pentest Recon Scanner
urlgrabber
PHP tool to grab urls of a specific site.
WhatWaf
Detect and bypass web application firewalls and protection systems
XGDork
SQLi Google Dork Scanner
XSStrike
XSStrike is an advanced XSS detection and exploitation suite.
You-Dont-Know-JS
A book series on JavaScript. @YDKJS on twitter.