monish4033's repositories
axiom
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
bucketbunny
AWS S3 open bucket poc automated script.
can-i-take-over-dns
"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
commonspeak2
Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
CVE-2018-11235
PoC exploit for CVE-2018-11235 allowing RCE on git clone --recurse-submodules
CVE-2018-11235-Git-Submodule-CE
CVE-2018-11235-Git PoC
frogy
My subdomain enumeration script.
Gf-Patterns
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
JSFinder
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
JSONBee
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
jwt-cracker
Simple HS256 JWT token brute force cracker
kiterunner
Contextual Content Discovery Tool
KNR-XSS-Payloads
Payloads For XSS
Lockdoor-Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
malicious
test
mitm_relay
Hackish way to intercept and modify non-HTTP protocols through Burp & others.
NSBrute
Python utility to takeover domains vulnerable to AWS NS Takeover
portable-data-exfiltration
This repo contains all the injections mentioned in my talk and enumerators.
RansomLook
Yet another Ransomware gang tracker
rotating-proxy
Rotating TOR proxy with Docker
samling
Serverless SAML IDP for testing SAML integrations
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
test
test
vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
wappalyzer
The last commit of Wappalyzer before it went private
wordlists
Automated & Manual Wordlists provided by Assetnote