slooppe's repositories
afrog
A Security Tool for Bug Bounty, Pentest and Red Teaming.
AssetViz
AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration testers and bug bounty hunters conducting reconnaissance, AssetViz provides intuitive insights into domain structures for informed decision-making.
awesome-threat-intelligence
A curated list of Awesome Threat Intelligence resources
crossfeed
External monitoring for organization assets
domloggerpp
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
durl
Remove duplicate URLs by retaining only the unique combinations of hostname, path, and parameter names
excalibur
Pivot from a Twitter profile to Medium, Product Hunt, Mastodon, and more with OSINT
find-s3-account
Sample code for finding AWS Account ID of an S3 bucket.
github-secrets
This tool analyzes a given Github repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
GoMapEnum
User enumeration and password bruteforce on Azure, ADFS, OWA, O365 and gather emails on Linkedin
Graphpython
Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit
GraphSpy
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
gungnir
CT Log Scanner
jsmug
A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON
json-cleaner
The utility aims to clean up output generated by popular tools by calculating a hash based on specific JSON values to removing junk data.
Misconfiguration-Manager
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
opencti
Open Cyber Threat Intelligence Platform
programs-watcher
A Python script designed to monitor bug bounty programs for any changes and promptly notify users.
ShadowClone
Unleash the power of cloud
spk
spk aka spritzgebaeck: A small OSINT/Recon tool to find CIDRs that belong to a specific organization.
SteppingStones
A Red Team Activity Hub
TokenTactics
Azure JWT Token Manipulation Toolset
toxicache
Go scanner to find web cache poisoning vulnerabilities in a list of URLs
Typo3Scan
Enumerate Typo3 version and extensions
waymore
Find way more from the Wayback Machine!
webcopilot
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.