Md Nazmul Islam's repositories
active-ip
🕵️♂️🔍 A tool with several scanning techniques that extracts live IP addresses from a list of IP addresses or CIDR notations.
amass
In-depth attack surface mapping and asset discovery
bbscope
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
CloudFlair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
dfuf
Dump files via Directory Traversal / LFI in a breeze with the help of ffuf
Extract-all-URL-endpoints-from-an-application
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
nazmul-ethi
Config files for my GitHub profile.
PH
This script will find some basic vulns. I made this script for my daily hunting. The best feature about this script is just run it in background and then analyze the target manually.
ReconAIzer
A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
regex-tokens
list of regex patterns for oauth / api tokens with provided source
RepeaterSearch
This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response matches a query via simple text matching or Regex.
shuffledns
MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
SSRFPwned
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
SubDomainizer
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Sublist3r
Fast subdomains enumeration tool for penetration testers
vulnerability-Checklist
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet