Mohammad Shahrouf's Projects
I'll try to share Bugbounty resource for beginners .
A Python tool for detecting Cross-Site Scripting (XSS) vulnerabilities
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Classic Shell Reborn.
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
discover IP ranges. check email security. survey domains.
A list of resources for those interested in getting started in bug bounties
Scrapy, a fast high-level web crawling & scraping framework for Python.
A tool for Self-XSS attack using bit.ly to grab cookies tricking users into running malicious code
Config files for my GitHub profile.
Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
The best hacker's gadgets for Red Team pentesters and security researchers.
webpwn3r ======== WebPwn3r - Web Applications Security Scanner. By Ebrahim Hegazy - @Zigoo0 Thanks: @lnxg33k, @dia2diab @Aelhemily, @okamalo Please send all your feedback and suggestions to: zigoo.blog['at']@gmail.com How to use: 1- python scan.py 2- The tool will ask you if you want to scan URL or List of urls? 1- Enter number 1 to scan a URL 2- Enter number 2 to scan list of URL's 3- URL should be a full link with a parameters .e.g http://localhost/rand/news.php?com=val&id=11&page=24&text=zigoo same thing with the list of links. Demo Video: https://www.youtube.com/watch?v=B6kDUk-ehOE In it’s Current Public [Demo] version, WebPwn3r got below Features: 1- Scan a URL or List of URL’s 2- Detect and Exploit Remote Code Injection Vulnerabilities. 3- ~ ~ ~ Remote Command Execution Vulnerabilities. 4- ~ ~ ~ SQL Injection Vulnerabilities. 5- ~ ~ ~ Typical XSS Vulnerabilities. 6- Detect WebKnight WAF. 7- Improved Payloads to bypass Security Filters/WAF’s. 8- Finger-Print the backend Technologies. More details: http://www.sec-down.com/wordpress/?p=373
XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Native support for cross-site scripting (XSS) in an nginx
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts
Cross-Site Scripting (XSS) scanner. This tool helps to find possible XSS vulnerabilities. Cross platform - macOS, Linux, and Windows.
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Cross-Site-Scripting (XSS) Automatic Scanner