karvashy

followers

following

stars

karvashy's starred repositories

chunkloader

A chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs

Language:JavaScript6000

repolist

Generate wordlists from Github repositories

Language:Python9200

dmut

A tool to perform permutations, mutations and alteration of subdomains in golang.

Language:GoMIT15500

LLM101n

LLM101n: Let's build a Storyteller

wscan

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

Language:GoNOASSERTION51100

misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Language:GoMIT32900

BucketLoot

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

Language:GoMIT37000

gmapsapiscanner

Language:PythonMIT90600

JS-Tap

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.

Language:JavaScriptUnlicense32700

smugglefuzz

A rapid HTTP downgrade smuggling scanner written in Go.

Language:GoMIT24200

domlogger-configs

Useful configurations for the DomLogger++ extension

2200

domloggerpp

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Language:JavaScriptGPL-3.039100

fuzzing-templates

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

MIT2400

objection

📱 objection - runtime mobile exploration

Language:PythonGPL-3.0734200

burpsuite-project-file-parser

A Burp Suite Extension for parsing Project Files from the CLI.

Language:Java8200

guidtool

A tool to inspect and attack version 1 GUIDs

Language:Python20500

cdn-proxy

Bypass CDN and WAF restrictions using CDN re-fronting.

Language:Python23100

freebind

IPv6 address rate limiting evasion tool (that also supports IPv4)

Language:CGPL-3.020900

cloud-service-enum

Language:PythonApache-2.022200

cookiemonster

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

Language:GoMIT81000

can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

weirdAAL

WeirdAAL (AWS Attack Library)

Language:Python77300

server-side-prototype-pollution

A collection of Server-Side Prototype Pollution gadgets and exploits

Language:JavaScriptMIT12400

postMessage-tracker

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

MIT300

AIAIAI

An Incredibly Annoying, Insufferable Authentication Implementation

Language:Python3000

sic

A tool to perform Sequential Import Chaining

Language:RustMIT24900

ResourceOverride

An extension to help you gain full control of any website by redirecting traffic, replacing, editing, or inserting new content.

Language:JavaScriptMIT46700

singularity

A DNS rebinding attack framework.

Language:JavaScriptMIT101600

transformers.js

State-of-the-art Machine Learning for the web. Run 🤗 Transformers directly in your browser, with no need for a server!

Language:JavaScriptApache-2.01093400

cloudfox

Automating situational awareness for cloud penetration tests.

Language:GoMIT189400