Bug hunter, tool maker, climber, I love coding and learn new stuff.
Feel free to try my scripts or update them to fit your needs.
Check also some good oneliners.
Hardly working on my new project: https://offsec.tools.
A vast collection of security tools for bug bounty, pentest and red teaming.
Curated by the community, feel free to add your own tool and subscribe the newsletter.
- DataExtractor: Burp Suite extension to extract data from source code while browsing.
- github-subdomains: Find subdomains on GitHub.
- github-endpoints: Find endpoints on GitHub.
- github-regexp: Basically a regexp filter over a GitHub search.
- extract-endpoints: Extract endpoints from source files.
- keyhacks: Automation of tokens/api keys testing.
- related-domains: Find related domains of a given domain.
- csp-analyzer: Analyze the Content-Security-Policy of a given URL.
- favicon-hashtrick: Find subdomains using a the favicon trick.
- graphql-introspection-analyzer: Analyze the response of the introspection query of GraphQL.
- cloudflare-origin-ip: Try to find the origin IP of a webapp protected by Cloudflare.
As it takes alot of time to write and maintain tools, sponsoring is always appreciated :)
