ββAutoFunkt
Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles.
https://github.com/FortyNorthSecurity/AutoFunkt
#infosec #pentesting #redteam
Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles.
https://github.com/FortyNorthSecurity/AutoFunkt
#infosec #pentesting #redteam
GitHub
GitHub - RedSiege/AutoFunkt: Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleableβ¦
Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles - RedSiege/AutoFunkt
β€2
Bearer
Code security scanning tool (SAST) that discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD).
https://github.com/bearer/bearer
#cybersecurity #infosec #pentesting
Code security scanning tool (SAST) that discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD).
https://github.com/bearer/bearer
#cybersecurity #infosec #pentesting
β€βπ₯4π2
ββWeb application pentesting checklist
A OWASP Based Checklist With 500+ Test Cases.
https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist
#infosec #pentesting #bugbounty
A OWASP Based Checklist With 500+ Test Cases.
https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist
#infosec #pentesting #bugbounty
π₯1
ββTeamFiltration
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.
https://github.com/Flangvik/TeamFiltration
#pentesting #redteam #bugbounty
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.
https://github.com/Flangvik/TeamFiltration
#pentesting #redteam #bugbounty
GitHub
GitHub - Flangvik/TeamFiltration: TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooringβ¦
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts - Flangvik/TeamFiltration
β€βπ₯4β€1
Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
Read full Article >>
bit.ly/cross-sites-cripting
#bugbounty #pentesting
Read full Article >>
bit.ly/cross-sites-cripting
#bugbounty #pentesting
β€βπ₯3π₯3π1
If You wanna Learn Web3 Pentesting Here are some steps to must follow one by one:
- Learn the basics of blockchain technology
- Understand smart contracts
- Familiarize yourself with web3 frameworks.
- Learn about web3 security vulnerabilities: Such as re-entrancy attacks, smart contract overflow, and DAO vulnerabilities.
- Practice on test networks
- Use web3 Pentesting tools
- Learn the basics of blockchain technology
- Understand smart contracts
- Familiarize yourself with web3 frameworks.
- Learn about web3 security vulnerabilities: Such as re-entrancy attacks, smart contract overflow, and DAO vulnerabilities.
- Practice on test networks
- Use web3 Pentesting tools
β€βπ₯5π1
ββNuclear Pond
Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.
https://github.com/DevSecOpsDocs/nuclearpond
#infosec #pentesting #bugbounty
Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.
https://github.com/DevSecOpsDocs/nuclearpond
#infosec #pentesting #bugbounty
π₯4π1
What's SQL injection & SQLi attack examples & How to prevent it.
SQLi, or SQL Injection, is a type of code injection technique where an attacker injects malicious code into a websiteβs SQL database through user input fields. It is one of the most common web application exploiting techniques.
Read full Article
bit.ly/sql-injections-and-preventions
#pentesting #bugbounty #sqli
@trickypenguin
SQLi, or SQL Injection, is a type of code injection technique where an attacker injects malicious code into a websiteβs SQL database through user input fields. It is one of the most common web application exploiting techniques.
Read full Article
bit.ly/sql-injections-and-preventions
#pentesting #bugbounty #sqli
@trickypenguin
π₯4β€βπ₯3π1
π¨π»βπ»Top 10 Tools for Bug Bounty Huntersπ¨π»βπ»
Bug bounty hunting is a career that is known for the heavy use of security tools.
These tools help the hunters find vulnerabilities in software, web applications and websites, and are an integral part of bounty hunting.
β‘Link : bit.ly/BugBountyTools
Share :: Support :: Learn
Bug bounty hunting is a career that is known for the heavy use of security tools.
These tools help the hunters find vulnerabilities in software, web applications and websites, and are an integral part of bounty hunting.
β‘Link : bit.ly/BugBountyTools
Share :: Support :: Learn
π3π₯3
PassMute - A Password Trasmutation/Mutator tool
This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes.
Tool link:- https://github.com/HITH-Hackerinthehouse/PassMute
This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes.
Tool link:- https://github.com/HITH-Hackerinthehouse/PassMute
π₯5π4
ββuncover
A go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools.
https://github.com/projectdiscovery/uncover
#OSINT #recon #bugbounty
A go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools.
https://github.com/projectdiscovery/uncover
#OSINT #recon #bugbounty
π7
5 Common Web Application Vulnerabilities and How to Test for Them
READ full Article
bit.ly/3oQ4RsT
@trickypenguin
Share & Support π
READ full Article
bit.ly/3oQ4RsT
@trickypenguin
Share & Support π
β€5π2
ββGPT4free - use ChatGPT, for free!!
This repository offers reverse-engineered third-party APIs for GPT-4/3.5, sourced from various websites. You can simply download this repository, and use the available modules, which are designed to be used just like OpenAI's official package. Unleash ChatGPT's potential for your projects, now!
https://github.com/xtekky/gpt4free
#cybersecurity #infosec
This repository offers reverse-engineered third-party APIs for GPT-4/3.5, sourced from various websites. You can simply download this repository, and use the available modules, which are designed to be used just like OpenAI's official package. Unleash ChatGPT's potential for your projects, now!
https://github.com/xtekky/gpt4free
#cybersecurity #infosec
GitHub
GitHub - xtekky/gpt4free: The official gpt4free repository | various collection of powerful language models | o4, o3 and deepseekβ¦
The official gpt4free repository | various collection of powerful language models | o4, o3 and deepseek r1, gpt-4.1, gemini 2.5 - xtekky/gpt4free
β€2
Detailed Guide on Password Transmutation
https://blog.hackerinthehouse.in/detailed-guide-on-password-transmutations/
https://blog.hackerinthehouse.in/detailed-guide-on-password-transmutations/
HITH Blog - Hackerinthehouse - Learn, Contribute, Conquer
Detailed guide on Password Transmutations-HITH Blog - Hackerinthehouse
Password transmutations are also known as Password Mutations which refer to the process of transforming a password into a different form.
β€βπ₯3
Google Dorking for Penetration Testers
What is Google Dorking?
Dorking, also known as Google Dorking, is a technique used by hackers and penetration testers to search for sensitive information...
Read More
bit.ly/3oYWPxT
@trickypenguin
What is Google Dorking?
Dorking, also known as Google Dorking, is a technique used by hackers and penetration testers to search for sensitive information...
Read More
bit.ly/3oYWPxT
@trickypenguin
β€8π2π₯2β€βπ₯1
ββIPED Digital Forensic Tool
It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
https://github.com/sepinf-inc/IPED
It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
https://github.com/sepinf-inc/IPED
β€4
βοΈ Complete Bug Bounty tool List β
Enjoy :)
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools
http://projectdiscovery.io
Enjoy :)
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools
http://projectdiscovery.io
β€βπ₯3
Here are 100 automated vulnerability scanning tools, both free and paid <3
OWASP Zed Attack Proxy (ZAP)
Burp Suite
Nikto
Nessus
Nmap
Acunetix
QualysGuard
Rapid7 Nexpose
Tenable.io
OpenVAS
Arachni
Vega
Netsparker
Intruder
WebInspect
AppScan
Metasploit Pro
Wapiti
Detectify
sqlmap
Astra Security Suite
Probely
WhiteHat Sentinel
Retire.js
Veracode
WPScan
Censys
Shodan
Fiddler
Kali Linux
Shadow Daemon
SiteGuarding
AppCheck
Immunio
Code Dx
HCL AppScan
Checkmarx
GitLab Ultimate
Kiuwan
RIPS Technologies
JFrog Xray
Snyk
Sonatype Nexus Lifecycle
Dependency-Check
Fortify WebInspect
SecApps Suite
Pentest-Tools.com
BinaryEdge
Reconmap
ZeroNorth
Portswigger Collaborator
Skipfish
Nuclei
BeEF (Browser Exploitation Framework)
Grendel-Scan
WebCruiser
Apache JMeter
DeepScan
Wallarm
Ratproxy
Seccubus
IronWASP
Paros Proxy
Powerfuzzer
F5 Advanced Web Application Firewall
SecureLayer7
Cloudflare Web Application Firewall
Imperva Web Application Firewall
StackPath Web Application Firewall
Reblaze
WebARX
Websecurify
AppTrana
Dome9
Indusface
SQLninja
sqlsus
Havij
JSQL Injection
WebVulnScan
Sitadel
Screaming Frog SEO Spider
GasMask
Plecost
CMSmap
Findomain
Mobsfscan
Tsunami Security Scanner
W3af
Patrowl
VulnWhisperer
Vulmap
DASTProxy
DSSS (Damn Small SQLi Scanner)
Grabber
XSSer
Tishna
HTTPCS Security
Sqreen
OWASP Zed Attack Proxy (ZAP)
Burp Suite
Nikto
Nessus
Nmap
Acunetix
QualysGuard
Rapid7 Nexpose
Tenable.io
OpenVAS
Arachni
Vega
Netsparker
Intruder
WebInspect
AppScan
Metasploit Pro
Wapiti
Detectify
sqlmap
Astra Security Suite
Probely
WhiteHat Sentinel
Retire.js
Veracode
WPScan
Censys
Shodan
Fiddler
Kali Linux
Shadow Daemon
SiteGuarding
AppCheck
Immunio
Code Dx
HCL AppScan
Checkmarx
GitLab Ultimate
Kiuwan
RIPS Technologies
JFrog Xray
Snyk
Sonatype Nexus Lifecycle
Dependency-Check
Fortify WebInspect
SecApps Suite
Pentest-Tools.com
BinaryEdge
Reconmap
ZeroNorth
Portswigger Collaborator
Skipfish
Nuclei
BeEF (Browser Exploitation Framework)
Grendel-Scan
WebCruiser
Apache JMeter
DeepScan
Wallarm
Ratproxy
Seccubus
IronWASP
Paros Proxy
Powerfuzzer
F5 Advanced Web Application Firewall
SecureLayer7
Cloudflare Web Application Firewall
Imperva Web Application Firewall
StackPath Web Application Firewall
Reblaze
WebARX
Websecurify
AppTrana
Dome9
Indusface
SQLninja
sqlsus
Havij
JSQL Injection
WebVulnScan
Sitadel
Screaming Frog SEO Spider
GasMask
Plecost
CMSmap
Findomain
Mobsfscan
Tsunami Security Scanner
W3af
Patrowl
VulnWhisperer
Vulmap
DASTProxy
DSSS (Damn Small SQLi Scanner)
Grabber
XSSer
Tishna
HTTPCS Security
Sqreen
π7β€2