
A recording of the presentation is available on Twitch if you'd like the context in which these tools were mentioned - https://www.twitch.tv/videos/513885075

Scaling

Interlace - https://github.com/codingo/Interlace Easily turn a single-threaded command-line application into a fast, multi-threaded one, with CIDR and glob support for target lists.
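The pattern Interlace automates, shown as an added example in plain Python (this is not Interlace's own code): expand a target list that mixes CIDR blocks, a simple last-octet range and plain hostnames, then run one command template per target from a thread pool. The `_target_` placeholder convention mirrors the one Interlace documents; the range syntax `a.b.c.1-3` is an assumption made for this example.

```python
"""Added example of the scaling pattern: expand targets, run a command
template per target in parallel. Not code from the Interlace project."""
import ipaddress
import re
import shlex
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Assumed range form for this example: first three octets fixed, last octet "start-end".
_LAST_OCTET_RANGE = re.compile(r"(\d+\.\d+\.\d+)\.(\d+)-(\d+)$")


def expand_targets(specs):
    """Expand target specs into individual hosts, de-duplicated in order.

    Supported forms (an assumption of this example, not Interlace's grammar):
      - CIDR:             "10.0.0.0/30" -> usable host addresses in the block
      - last-octet range: "10.0.0.1-3"  -> 10.0.0.1, 10.0.0.2, 10.0.0.3
      - anything else is taken as a single hostname or IP
    """
    hosts = []
    for spec in specs:
        spec = spec.strip()
        if not spec:
            continue
        m = _LAST_OCTET_RANGE.match(spec)
        if "/" in spec:
            net = ipaddress.ip_network(spec, strict=False)
            hosts.extend(str(ip) for ip in net.hosts())
        elif m:
            prefix, start, end = m.group(1), int(m.group(2)), int(m.group(3))
            hosts.extend(f"{prefix}.{i}" for i in range(start, end + 1))
        else:
            hosts.append(spec)
    seen = set()
    return [h for h in hosts if not (h in seen or seen.add(h))]


def run_parallel(template, targets, threads=5):
    """Run `template` once per target, `threads` at a time; returns {target: stdout}.

    `_target_` is substituted after shlex splitting and the command runs without
    a shell, so a hostile target string (e.g. "x; rm -rf /") cannot inject
    extra commands into the scan.
    """
    def one(target):
        argv = [a.replace("_target_", target) for a in shlex.split(template)]
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=60)
        return target, proc.stdout.strip()

    results = {}
    with ThreadPoolExecutor(max_workers=threads) as pool:
        for target, out in pool.map(one, targets):
            results[target] = out
    return results


if __name__ == "__main__":
    # Constructed sample input; "echo" stands in for a real scanner command.
    hosts = expand_targets(["10.0.0.0/30", "10.0.0.1-3", "example.com"])
    for out in run_parallel("echo scanned _target_", hosts).values():
        print(out)
```

Swap the `echo` template for the real tool (`nmap _target_ -oA out/_target_` and the like); because substitution happens per argv element, the target never reaches a shell.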


Directory BruteForcing

FFuF - https://github.com/ffuf/ffuf Fast web fuzzer written in Go.

RecurseBuster - https://github.com/C-Sto/recursebuster Rapid content discovery tool for recursively querying web servers, handy in pentesting and web application assessments.


XSS

https://github.com/hakluke/weaponised-XSS-payloads XSS payloads designed to turn a proof-of-concept alert(1) into a P1 (critical-severity) finding.

https://github.com/hoodoer/WP-XSS-Admin-Funcs JavaScript functions intended to be used as an XSS payload against a WordPress admin account.


Subdomain Discovery

DNSValidator - https://github.com/vortexau/dnsvalidator Maintains a list of IPv4 DNS servers by verifying them against baseline servers and ensuring they return accurate responses.

DNSGrep - https://github.com/erbbysam/DNSGrep Quickly Search Large DNS Datasets

findomain - https://github.com/Edu4rdSHL/findomain Fast, cross-platform subdomain enumerator.


API Keys and Build Logs

KeyHacks - https://github.com/streaak/keyhacks A repository of quick ways to check whether API keys leaked by a bug bounty program are still valid.

secretz - https://github.com/lc/secretz Fetches Travis CI build logs for a target organisation so they can be searched for leaked secrets ("Minimizing the large attack surface of Travis CI").

Dr.Watson - https://github.com/prodigysml/Dr.-Watson A simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses and other useful information: the Dr. Watson to your Sherlock.

Jenkinz - https://github.com/lc/jenkinz Retrieves every build for every job ever created and run on a given Jenkins instance.

jLoot - https://github.com/netspooky/jLoot JIRA Secure Attachment Looter


Cloud Based Services

Can I Take Over List - https://github.com/EdOverflow/can-i-take-over-xyz "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Cloud_enum - https://github.com/initstring/cloud_enum Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
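The condition the "Can I take over XYZ?" list catalogues, as an added triage example (not the list's own code): a subdomain whose CNAME points at a third-party service hostname that the service no longer serves. The script flags records whose target returns NXDOMAIN or whose target answers with the service's "unclaimed" page. All records, resolver answers, HTTP bodies and service fingerprints below are constructed sample data with hypothetical `.test` service names, not entries from the list.

```python
"""Added example: triage dangling CNAME records for takeover candidates.
All data here is constructed; the service fingerprints are hypothetical."""

# Constructed sample: CNAME records observed for the target organisation.
CNAME_RECORDS = {
    "shop.example.com": "example-shop.hosted-store.test",
    "docs.example.com": "example.docs-platform.test",
    "www.example.com": "example.cdn-provider.test",
    "legacy.example.com": "old-app.hosted-store.test",
}

# Constructed sample: resolver answer for each CNAME target (None = NXDOMAIN).
RESOLVED = {
    "example-shop.hosted-store.test": None,
    "example.docs-platform.test": "203.0.113.10",
    "example.cdn-provider.test": "203.0.113.20",
    "old-app.hosted-store.test": "203.0.113.30",
}

# Constructed sample: HTTP body fetched with the subdomain's Host header
# from each CNAME target that resolved.
HTTP_BODIES = {
    "old-app.hosted-store.test": "<h1>Store not found</h1>",
    "example.docs-platform.test": "<h1>Welcome to Example Docs</h1>",
    "example.cdn-provider.test": "<h1>Example</h1>",
}

# Hypothetical fingerprints: hostname suffix of a service and the text it
# returns for a name nobody has claimed. The real per-service data is what
# the can-i-take-over-xyz list maintains.
FINGERPRINTS = {
    ".hosted-store.test": "Store not found",
    ".docs-platform.test": "There isn't a documentation site here",
}


def classify(cname, address, body):
    """Classify one CNAME target as nxdomain, unclaimed, in-use or unknown-service.

    Only services we have a fingerprint for are judged; a target on an unknown
    service is reported separately so it can be researched rather than ignored.
    """
    service = next((s for s in FINGERPRINTS if cname.endswith(s)), None)
    if service is None:
        return "unknown-service"
    if address is None:
        return "nxdomain"
    if body is not None and FINGERPRINTS[service] in body:
        return "unclaimed"
    return "in-use"


def find_candidates(records, resolved, bodies):
    """Return [(subdomain, cname, status)] for records that warrant a manual check."""
    out = []
    for sub, cname in sorted(records.items()):
        status = classify(cname, resolved.get(cname), bodies.get(cname))
        if status in ("nxdomain", "unclaimed"):
            out.append((sub, cname, status))
    return out


if __name__ == "__main__":
    for sub, cname, status in find_candidates(CNAME_RECORDS, RESOLVED, HTTP_BODIES):
        print(f"{sub} -> {cname}: {status}")
```

A hit from this script is a candidate, not a confirmed takeover: whether an NXDOMAIN or "unclaimed" target can actually be registered by an attacker depends on the service (some verify domain ownership, some have since fixed the issue), which is precisely the per-service detail the list records.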
