El Mehdi 's starred repositories

ffuf

Fast web fuzzer written in Go

hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Language:GoLicense:GPL-3.0Stargazers:4337Issues:59Issues:103

tbhm

The Bug Hunters Methodology

gowitness

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Language:GoLicense:GPL-3.0Stargazers:2805Issues:44Issues:152

ASVS

Application Security Verification Standard

Language:HTMLLicense:CC-BY-SA-4.0Stargazers:2623Issues:145Issues:1159

bugcrowd_university

Open source education content for the researcher community

jaeles

The Swiss Army knife for automated Web Application Testing

Language:GoLicense:MITStargazers:2111Issues:78Issues:51

HTTPLeaks

HTTPLeaks - All possible ways, a website can leak HTTP requests

Language:HTMLLicense:BSD-2-ClauseStargazers:1948Issues:90Issues:10

hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

Language:GoLicense:MITStargazers:1389Issues:19Issues:9

Android-Reports-and-Resources

A big list of Android Hackerone disclosed reports and other resources.

Corsy

CORS Misconfiguration Scanner

Language:PythonLicense:GPL-3.0Stargazers:1304Issues:31Issues:22

bruteforce-lists

Some files for bruteforcing certain things.

License:Apache-2.0Stargazers:1076Issues:34Issues:0

fav-up

IP lookup by favicon using Shodan

Language:PythonLicense:MITStargazers:1042Issues:24Issues:13

Silver

Mass scan IPs for vulnerable services

Language:PythonLicense:GPL-3.0Stargazers:1025Issues:21Issues:20

unfurl

Pull out bits of URLs provided on stdin

Language:GoLicense:MITStargazers:1013Issues:16Issues:13

dnsgen

Generates combination of domain names from the provided input.

Language:PythonLicense:MITStargazers:869Issues:23Issues:13

subjs

Fetches javascript file from a list of URLS or subdomains.

Language:GoLicense:MITStargazers:730Issues:14Issues:14

ReconPi

ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.

Language:ShellLicense:MITStargazers:710Issues:29Issues:38

chomp-scan

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.

Language:ShellLicense:GPL-3.0Stargazers:393Issues:20Issues:48

Asnlookup

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Language:PythonLicense:MITStargazers:388Issues:9Issues:13

inception

A highly configurable Framework for easy automated web scanning

Command-Mobile-Penetration-Testing-Cheatsheet

Mobile penetration testing android & iOS command cheatsheet

websocket-smuggle

Issues with WebSocket reverse proxying allowing to smuggle HTTP requests

Language:PythonLicense:MITStargazers:330Issues:12Issues:2

asnip

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Language:GoLicense:MITStargazers:201Issues:7Issues:4

whoosh

[Prototype] Control a 3D spaceship with hand movements

Language:JavaScriptLicense:GPL-3.0Stargazers:107Issues:8Issues:2

hacks

Repo of useful scripts

SundayStreams

Data from my Sunday streams

Language:HTMLStargazers:72Issues:4Issues:0

alldomains

all domains and his subdoamins

disco-data

Discovery data for various bug bounties