0xbharath Goto Github PK

csp-evaluator

ctlog-utilities

Quick and dirty utilities I scribbled while digging through Certificate Transparency logs using crt.sh

damn-vulnerable-graphql-application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

datasploit

Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain/email/ phone number/person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. More documentation here: http://datasploit.readthedocs.io/en/latest/.

dirbuster-ng

dirbuster-ng is C CLI implementation of the Java dirbuster tool

dns-for-penetration-testers-nullblr

DNS for penetration testers talk given at Nullblr June 2017.

dns-graph

Collection of tools for visualising and correlating DNS data for security use-cases using FDNS data set.

dnsreaper

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

dnssec-labs

dnstwist

Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

domains-from-csp

A script to extract domain names from Content Security Policy(CSP) headers

dotfiles

A collection of personal dotfiles. i3wm, zsh and Dell XPS 13 9350

dstp

🧪 Run common networking tests against your site.

dvna

Damn Vulnerable NodeJS Application

dvna-sqlite

ecapture

capture SSL/TLS text content without CA cert using eBPF. supports Linux x86_64/Aarch64, Android Aarch64.

enumerate-iam-1

Enumerate the permissions associated with AWS credential set

eqgrp_lost_in_translation

Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg

ffuf

Fast web fuzzer written in Go

freeport

Get a free and open tcp port that is ready to use

frida-boot

Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!

fuzz-lightyear

A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

gitbook

📝 Modern documentation format and toolchain using Git and Markdown

github-dorks

Collection of github dorks and helper tool to automate the process of checking dorks

gitlab-recon

A tool to perform reconnaissance using Gitlab

go-dnssec-walker

NSEC walker in Go

gofakeit

Random fake data generator written in go

goi-subdomains-directory

List of subdomains/web apps by Government of India (GoI).

golang-for-devops-course