infosec-au

followers

following

stars

Assetnote

Australia

https://shubs.io

Shubs's starred repositories

dive

A tool for exploring each layer in a docker image

Language:GoMIT44760 358 322

pure-sh-bible

📖 A collection of pure POSIX sh alternatives to external processes.

Language:ShellMIT6409 94 23

Recaf

The modern Java bytecode editor

Language:JavaMIT5819 164 565

apk-mitm

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection

Language:TypeScriptMIT3645 44 146

cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Language:GoGPL-3.01428 13 60

legba

A multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

Language:RustNOASSERTION1333 13 44

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript

Language:GoMIT1292 14 12

nuclei-wordfence-cve

The EXCLUSIVE Collection of 38,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

Language:Python771 14 20

ShadowClone

Unleash the power of cloud

Language:PythonApache-2.0686 11 55

rogue_mysql_server

A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

Language:GoMIT663 6 11

shortscan

An IIS short filename enumeration tool

Language:GoMIT652 6 14

noir

Attack surface detector that identifies endpoints by static analysis

Language:CrystalMIT518 11 84

aws-security-survival-kit

Bare minimum AWS Security Alerting and Configuration

Language:MakefileGPL-3.0441 18 17

curlshell

reverse shell using curl

Language:Python437 60

humanify

Deobfuscate Javascript code using ChatGPT

Language:TypeScriptMIT331 10 17

PIPE

Prompt Injection Primer for Engineers

cnext-exploits

Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()

Language:Python317 70

route-detect

Find authentication (authn) and authorization (authz) security bugs in web application routes.

Language:PythonBSD-3-Clause239 2 16

wapalyzer

🌐 Identify the technologies powering any website. This is a fork of the now deleted Wappalyzer project by @AliasIO and community.

Language:JavaScriptGPL-3.0230 6 4

grepmarx

A source code static analysis platform for AppSec enthusiasts.

Language:PythonMIT194 6 8

hackvertor

Language:Java156 5 98

HttpRemotingObjRefLeak

Additional resources for leaking and exploiting ObjRefs via HTTP .NET Remoting (CVE-2024-29059)

Language:PythonMIT75 1 1

EC2StepShell

EC2StepShell is an AWS post-exploitation tool for getting high privileges reverse shells in public or private EC2 instances.

Language:PythonMIT60 10

grepaddr

Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.

Language:PythonGPL-3.060 4 1

Todesstern

A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities

Language:PythonMIT59 20

pyyso

pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack

Language:PythonMIT48 20

Zero-E

Automates the network enumeration process in a fire-and-forget manner, among many more functions. Zero effort, zero error network enumeration.

Language:ShellGPL-3.042 40

nmapurls

Nmapurls parses Nmap xml reports from either piped input or command line arg and outputs a list of http(s) URL's to be used in an automation pipeline.

Language:GoGPL-3.037 1 1

CodeSheriff.NET

Language:C#NOASSERTION1300

rate-limit-queue

An implementation of rate limited queues in Python, thread-safe, using only built-in components

Language:Python8 10