Shubham Raj's repositories
Amass
In-depth DNS Enumeration and Network Mapping
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
awesome-static-analysis
Static analysis tools for all programming languages
aws-cloudformation-user-guide
The open source version of the AWS CloudFormation User Guide
clair
Vulnerability Static Analysis for Containers
CrossSiteContentHijacking
Content hijacking proof-of-concept using Flash, PDF and Silverlight
DetectionLab
Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
dirsearch
Web path scanner
droidbot
A lightweight test input generator for Android. Similar to Monkey, but with more intelligence and cool features!
gf
A wrapper around grep, to help you grep for things
GTFOBins.github.io
Curated list of Unix binaries that can be exploited to bypass system security restrictions
hacks
A collection of hacks and one-off scripts
house
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
JAWS
JAWS - Just Another Windows (Enum) Script
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
metamask-extension-POC
metamask-extension-POC
mythril
Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
not-so-smart-contracts
Examples of Solidity security issues
openzeppelin-contracts
OpenZeppelin Contracts is a library for secure smart contract development.
osquery
SQL powered operating system instrumentation, monitoring, and analytics.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
postMessage-tracker
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Repackaging-Protection
Repackaging-Protection-Android
ShellPop
Pop shells like a master.
ThreatHunter-Playbook
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
wfuzz
Web application fuzzer