Shunmugha Sundaram's repositories
Arjun
HTTP parameter discovery suite.
awesome-shodan-queries
🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩💻
client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
cve-2019-19781
This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.
findomain
The fastest and cross-platform subdomain enumerator, don't waste your time.
firefox-ios
Firefox for iOS
fockcache
FockCache - Minimalized Test Cache Poisoning
GAP-Burp-Extension
Burp Extensions
google-10000-english
This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google's Trillion Word Corpus.
GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
graphquail
Burp Suite extension that offers a toolkit for testing GraphQL endpoints.
Insecure-Firebase-Exploit
A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
nmap
Detectar vulnerabilidades de Path traversal con nmap
pathbrute
Pathbrute
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
pentest-tools
Custom pentesting tools
Photon
Incredibly fast crawler designed for OSINT.
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
shhgit
Ah shhgit! Find GitHub secrets in real time
sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with different websites. A default list is already provided.
smuggler
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
subjs
Fetches javascript file from a list of URLS or subdomains.
totalrecon
TotalRecon installs all the recon tools you need
turbo-intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.