Jesse's starred repositories
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
HackeroneSpider
A spider for Hackerone
reliable-debundle
:card_file_box: A javascript debundler. Takes a Browserify or Webpack bundle and recreates the initial, pre-bundled source.
enumerate-iam
Enumerate the permissions associated with AWS credential set
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
CloudBrute
Awesome cloud enumerator
KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
github-search
A collection of tools to perform searches on GitHub.
ssrf-finder
Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
pwn_jenkins
Notes about attacking Jenkins servers
ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
OpenSSL-CCS-Inject-Test
This script is designed for detection of vulnerable servers (CVE-2014-0224.) in a wide range of configurations. It attempts to negotiate using each affected protocol version (SSLv3, TLSv1, TLSv1.1, and TLSv1.2) advertising a comprehensive set of ciphers.
static-tools
Static compiled binaries + scripts ready to use on systems
graphql_beautifier
Burp Suite extension to help make Graphql request more readable
sas-top-10
Serverless Architectures Security Top 10 Guide