El Mehdi's starred repositories

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

fabric

fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.

Language: Python | License: MIT | Stargazers: 10954 | Issues: 184 | Issues: 185

osint_stuff_tool_collection

A collection of several hundred online tools for OSINT

awesome-bugbounty-tools

A curated list of various bug bounty tools

bug-bounty-reference

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups that are categorized by the bug nature

bounty-targets-data

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

License: MIT | Stargazers: 2999 | Issues: 234 | Issues: 0

massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Language: C | License: GPL-3.0 | Stargazers: 2983 | Issues: 74 | Issues: 109

medusa

Binary instrumentation framework based on FRIDA

Language: Python | License: GPL-3.0 | Stargazers: 1425 | Issues: 45 | Issues: 44

xsshunter-express

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

Language: JavaScript | License: MIT | Stargazers: 1382 | Issues: 10 | Issues: 26

wordlists

Real-world infosec wordlists, updated regularly

bug-bounty-dorks

List of Google Dorks for sites that have a responsible disclosure program / bug bounty program

filterbypass

Browser's XSS Filter Bypass Cheat Sheet

postMessage-tracker

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

Language: JavaScript | License: MIT | Stargazers: 979 | Issues: 37 | Issues: 5

cook

A wordlist framework to fulfill your kinks with your wordlists. For security researchers, bug bounty and hackers.

Language: Go | License: MIT | Stargazers: 946 | Issues: 20 | Issues: 15

Nuclei-Templates-Collection

Nuclei Templates Collection

cookiemonster

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

Language: Go | License: MIT | Stargazers: 748 | Issues: 11 | Issues: 6

http-garden

Differential testing and fuzzing of HTTP servers and proxies

Language: Python | License: GPL-3.0 | Stargazers: 609 | Issues: 10 | Issues: 33

surf

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

leakScraper

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. These tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Language: Python | License: GPL-3.0 | Stargazers: 385 | Issues: 15 | Issues: 5

cssInjection

Stealing CSRF tokens with CSS injection (without iFrames)

Language: HTML | License: GPL-2.0 | Stargazers: 312 | Issues: 15 | Issues: 0

sj

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

Language: Go | License: MIT | Stargazers: 297 | Issues: 1 | Issues: 1

RepeaterSearch

This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response matches a query via simple text matching or Regex.

trickest-cli

Execute Trickest workflows right from your terminal

Language: Go | License: MIT | Stargazers: 68 | Issues: 4 | Issues: 38

DOMClobbering

DOM Clobbering Wiki, Browser Testing, and Payload Generation

Language: JavaScript | License: GPL-3.0 | Stargazers: 36 | Issues: 3 | Issues: 6
Language: Python | Stargazers: 7 | Issues: 0 | Issues: 0