Otho quarati's repositories
arsenal
Arsenal is just a quick inventory and launcher for hacking programs
dnsdumpster
A tool to perform DNS reconnaissance on target networks. Among the DNS information got from include subdomains, mx records, web application firewall detection and more fingerprinting and lookups
log4j-affected-db
A community sourced list of log4j-affected software
pentest-search-engines
A list of search engines useful during Penetration testing, vulnerability assessments, bug bounty and more
codewarrior
code-searching tool and static code analysis - Beta
Awesome-RedTeam-Cheatsheet
Active Directory & Red-Team Cheat-Sheet in constant expansion.
XSScope
XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
httpx
httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
OneListForAll
Rockyou for web fuzzing
helm-docs
A tool for automatically generating markdown documentation for helm charts
ffuf
Fast web fuzzer written in Go
gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
LinkFinder
A python script that finds endpoints in JavaScript files
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
amazon-ecs-exec-checker
🚀 Pre-flight checks for ECS Exec
grafana-awesome
a list of awesome Grafana tools & resources, both official and community-built
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
cloudlist
Cloudlist is a tool for listing Assets from multiple Cloud Providers.
nerve
NERVE Continuous Vulnerability Scanner
ripgen
Rust-based high performance domain permutation generator.
PurplePanda
Identify privilege escalation paths within and across different clouds
manticore
Symbolic execution tool
echidna
Ethereum smart contract fuzzer
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
smart-contract-best-practices
A guide to smart contract security best practices
damn-vulnerable-defi-brownie
brownie port of damn vulnerable defi
slither
Static Analyzer for Solidity
gigahorse-toolchain
A binary lifter and analysis framework for Ethereum smart contracts