Tired of figuring out what's eligible, which subdomains to tackle, or how to conduct recon? Look no further! This script takes a CSV file from your HackerOne profile and performs the following tasks:

• Extracts the list of eligible for bounty items and sorts them by URL, application, and more.
• Performs a domain scan, providing the status of whether the domain is up or not using a custom HTTPX tool.
• Submits active domains to a subdomain finder, categorizing subdomains by their function, such as API subdomains, auth subdomains, developer subdomains, and more.

Note: It requires a Chaos API key, which is free to obtain.

Simply run the script, and it will prompt you for two inputs:

1. Chaos API key
2. A CSV file from your HackerOne scope

Sit back and relax!

Link Snagger is your go-to tool for extracting all the links present on a webpage. Say goodbye to the hassle of figuring out which button or element is clickable to access another page. This tool does the heavy lifting for you, making link extraction quick and easy.

• find the relevant links embedded hidden in plain sight
• get the js files which were used

When you need to find out the broken links which are now not being used as well as in the CTF scenarios which have many front-end functionalities and can't figure out what can be the links useful to visit to

As the name suggests, it steals cookies from visitors who click on the link.

CTFs (Capture The Flag challenges) and wherever your imagination takes you! 😉

This script uses a TCP-connect scan to identify all the open ports for a target. It's blazing fast, accurate, and even grabs banners!

Feed this script a pcap file, and it will extract all the URLs this baby visited.

This code appends your desired word to your wordlist at your specified position. Just change the number mentioned in the code's comments. It's useful in brute-forcing scenarios where the server blocks attacks after a certain number of consecutive invalid login attempts. This script lets you add valid login credentials to your wordlist in between entries, helping you avoid being blocked.

When there's a rate limit for a certain number of incorrect login attempts and it's reset by a correct login, you can bypass it by creating a wordlist with correct login credentials.

Your own customized CLI bro-wser

• There are numerous tools that bombard the requests on a target page with no or less control

• Needed a tool that can give the full control in the hands of the user

• User can control:

  • The request methods:

    • GET , POST , PUT , OPTIONS , HEAD , DELETE

  • Frequency and total count of requests

usage: delve.py [-h] -u URL [-m METHOD] [-H HEADERS] [-d DATA]
                [-t NUM_THREADS] [-rps REQUESTS_PER_SECOND]
                [-tr TOTAL_REQUESTS] [-o OUTPUT_FILE]

HTTP Request Sender Tool

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target URL
  -m METHOD, --method METHOD
                        HTTP method (GET, POST, PUT, DELETE, OPTIONS)
  -H HEADERS, --headers HEADERS
                        Headers in JSON format
  -d DATA, --data DATA  Data in JSON format for POST and PUT requests
  -t NUM_THREADS, --num-threads NUM_THREADS
                        Number of threads
  -rps REQUESTS_PER_SECOND, --requests-per-second REQUESTS_PER_SECOND
                        Requests per second
  -tr TOTAL_REQUESTS, --total-requests TOTAL_REQUESTS
                        Total number of requests across all threads
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        File to write the output to

It generates the output into a file not on a terminal

• GET

delve -u http://localhost:8080/WebGoat/login -m GET -tr 150 -t 3 -rps 2

Multiple threads can be used for multiple requests too

• POST

delve -u http://localhost:8080/WebGoat/login -m POST -d '{"username":"webgoat","password":"webgoat"}' -tr 1

PS:remeber to give the data in single quotes in json format

• OPTIONS

delve -u <url> -m OPTIONS -tr 1

• PUT

delve -u http://localhost:8080/WebGoat/login -m PUT -d '{"data":"value"}' -tr 1

• HEAD

delve -u <url> -m HEAD -tr 1

Requires ROOT!! Yes we can exfiltrate the data using ICMP protocol. Here's how : Usage:

python3 exfiltrator.py

It will ask for the Sending and Receiving bits:

choose s option and it will ask for the file to send , just give the filename with path.

choose r option and it will save the file to out.txt, though you can change it anyways.

As the firewalls can block various traffics and ports and protocols , who'll suspect the innocent ICMP

DOES NOT REQUIRE ROOT!!! Yes we can also execute commands using ICMP , Here's how: There are 2 files:

1. Listener
2. Executer

Usage:

python3 icmp_executer.py

It will prompt for :

• IP : Give the victim's IP
• Port : Just leave blank {I was drunk that day!!}
• Command : You know what to do here...
• TTL : Just leave blank if don't know what to do
• ID : It is important to give 12321 as ID or it won't execute {consider as secret key!!} PS: you can change the ID as you need in code.

Usage:

python3 icmp_listener.py

It will prompt for interface to listen to ... just give which one you're attacker is connected to. and watch.

As the firewalls can block various traffics and ports and protocols , who'll suspect the innocent ICMP