subhash0x

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

chrome_password_grabber

Get unencrypted 'Saved Password' from Google Chrome

jok3r

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

RsaCtfTool

RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

FileChangeMonitor

Continuous monitoring for JavaScript files

quick-portfolio

Use this template if you need a quick developer / data science portfolio! Based on a Minimal Jekyll theme for GitHub Pages.

AhMyth-Android-RAT

Android Remote Administration Tool

LeetShield

BugBounty-reports-templates

My small collection of reports templates

Zoom

Automatic & lightning fast wordpress vulnerability scanner

graphql-security-labs

GraphQL security workshop labs

See-SURF

Python based scanner to find potential SSRF parameters

extended-xss-search

A better version of my xssfinder tool - scans for different types of xss on a list of urls.

CTFd

CTFs as you need them

statement

idea for codefundo

CFDblock

MARA_Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

Tiny-PHP-Webshell

several list of simple and obfuscate PHP shell

HUNT

knoxss

People have the right to see this ugly spaghetti code, skids.

webwandoof

NITW-DOX

Document sharing hub

Bypass-Web-Application-Firewalls

Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary Characters These scripts were created during an assessment, while trying to bypass a Web Application Firewall (WAF) in order to exploit a XSS vulnerability. Differnt webservers and browsers interpret URL and strange characters differently which could lead to the bypassing of security controls. When I tried to send a > or < character the WAF would block the request. The following URL escapes I have noticed are traslated to < > ' by Apache2 based web servers: %(N%(n%)S%)U%)^%)s%)u%*C%*E%*c%*e%,.%.#%1N%1n%2S%2U%2^%2s%2u%3C%3E%3c%3e%5.%7#%:C%:E %:c%:e%HN%Hn%IS%IU%I^%Is%Iu%JC%JE%Jc%Je%L.%N#%XN%Xn%YS%YU%Y^%Ys%Yu%ZC%ZE%Zc%Ze%.%^# %hN%hn%iS%iU%i^%is%iu%jC%jE%jc%je%l.%n#%xN%xn%yS%yU%y^%ys%yu%zC%zE%zc%ze%|

TandP

wow

django

unfurl

Pull out bits of URLs provided on stdin

masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

kuchbhi

TechWrecK

begin

ShubhamWebScript-Website-vulnerability-Checker

Find any website vulnerability and bugs in few second.