slooppe

AtlasReaper

A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.

Awesome_Incident_Response

Awesome Incident Response

bitsadmin.github.io

Blog at the bitsadm.in domain

bruteforce-lists

Some files for bruteforcing certain things.

BucketLoot

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

copy-to-bcheck

BurpSuite extension to convert requests into bcheck scripts

ffufPostprocessing

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

hakstore

HARImporter

HAR importer

HBSQLI

Automated Tool for Testing Header Based Blind SQL Injection

htmlq

Like jq, but for HTML.

mantra

「🔑」A tool used to hunt down API key leaks in JS files and pages

MetadataPlus

A tool to use novel locations to extract metadata from Office documents.

noir

🖤 Discover all API and web page in the source code

page-fetch

Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values

ParaForge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

power-pwn

An offensive and defensive security toolset for Microsoft 365 Power Platform

promptmap

automatically tests prompt injection attacks on ChatGPT instances

puff

Clientside vulnerability / reflected xss fuzzer

quivr

🧠 Dump all your files and chat with it using your Generative AI Second Brain using LLMs ( GPT 3.5/4, Private, Anthropic, VertexAI ) & Embeddings 🧠

route-detect

Find authentication (authn) and authorization (authz) security bugs in web application routes.

SharpSCCM

A C# utility for interacting with SCCM

shortscan

An IIS short filename enumeration tool

spraycharles

Low and slow password spraying tool, designed to spray on an interval over a long period of time

strelka

Real-time, container-based file scanning at enterprise scale

Sudomy

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way ( Easy, light, fast and powerful )

sysreptor

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

TeamsPhisher

Send phishing messages and attachments to Microsoft Teams users

TokenTactics

Azure JWT Token Manipulation Toolset

TokenTacticsV2

A fork of the great TokenTactics with support for CAE and token endpoint v2