amass

In-depth DNS Enumeration and Network Mapping

amass-1

In-depth Attack Surface Mapping and Asset Discovery

asnrecon

ASN reconnaissance script

awsscrape

A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.

brutesubs

An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose

bug-bounty-reference

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

bugcrowd-levelup-subdomain-enumeration

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bucrowd LevelUp 2017 virtual conference

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

choo

:steam_locomotive::train: - sturdy 4kb frontend framework

cloudbrute

Awesome cloud enumerator

cloudrecon

csprecongo

ctfsolutiontypes

A collection of CTF solution types, i.e. not solutions to specific CTF challenges, but the general categories that those solutions fall under. Includes CTF solution categories for web, binary, network, crypto, and others. Please contribute!

disclose

Driving safety, simplicity, and standardization in vulnerability disclosure.

disclosure-policy

Open Source Responsible Disclosure Framework from Bugcrowd and CipherLaw

domain

Setup script for Regon-ng

dumpdecrypted

Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.

dvia

Damn Vulnerable IOS App (DVIA) is an IOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their IOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in IOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try. This application also contains a section where a user can read various articles on IOS application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested upto IOS 7.0.4 .

gnmapper

gnmapper - Greppable NMAP (gnmap) to CSV parser / converter written in bash

graphrunner

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

gungnir

CT Log Scanner

hackerone_wordlist

The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform

hunt

inputscanner

internal-monologue

Internal Monologue Attack: Retrieving NTLM Hashes without Mimikatz

ios_sh

ios source grepper

jhaddix

js-scan

a .js scanner, built in php. designed to scrape urls and other info

jsparser

kingofbugbountytips