Bharath's Projects
Quick and dirty utilities I scribbled while digging through Certificate Transparency logs using crt.sh
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain/email/ phone number/person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. More documentation here: http://datasploit.readthedocs.io/en/latest/.
dirbuster-ng is C CLI implementation of the Java dirbuster tool
DNS for penetration testers talk given at Nullblr June 2017.
Collection of tools for visualising and correlating DNS data for security use-cases using FDNS data set.
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
A script to extract domain names from Content Security Policy(CSP) headers
A collection of personal dotfiles. i3wm, zsh and Dell XPS 13 9350
๐งช Run common networking tests against your site.
Damn Vulnerable NodeJS Application
capture SSL/TLS text content without CA cert using eBPF. supports Linux x86_64/Aarch64, Android Aarch64.
Enumerate the permissions associated with AWS credential set
Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg
Fast web fuzzer written in Go
Get a free and open tcp port that is ready to use
Frida Boot ๐ข- A binary instrumentation workshop, with Frida, for beginners!
A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
๐ Modern documentation format and toolchain using Git and Markdown
Collection of github dorks and helper tool to automate the process of checking dorks
A tool to perform reconnaissance using Gitlab
NSEC walker in Go
Random fake data generator written in go
List of subdomains/web apps by Government of India (GoI).