Repository

Xss_Vulnerability_Challenges – This Repository Is A Docker Containing Some "XSS Vulnerability" Challenges And Bypass Examples

20 Jun 2022 By hackergadgets

This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass html entities bypass WAF bypass Black-list validation bypass Basic XSS validation bypass Double encode bypass of WAF to exploit XSS Exploiting XSS by bypassing escape characters Quick Start Using Docker Using docker hub (Quickest): ToRead More

Git-Dumper – A Tool To Dump A Git Repository From A Website

24 Apr 2022 By hackergadgets

A tool to dump a git repository from a website. Install This can be installed easily with pip: pip install git-dumper Usage usage: git-dumper [options] URL DIR Dump a git repository from a website. positional arguments: URL url DIR output directory optional arguments: -h, –help show this help message and exit –proxy PROXY use theRead More

Keyhacks – A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They’Re Valid

31 Aug 2021 By

KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid. @Gwen001 has scripted the entire process available here and it can be found here Table of Contents ABTasty API Key Algolia API key Amplitude API Keys Asana Access token AWS Access KeyRead More

Git-Secret – Go Scripts For Finding An API Key / Some Keywords In Repository

24 Aug 2021 By

Go scripts for finding an API key / some keywords in repository Update V1.0.1 Removing some checkers Adding example file contains github dorks How to Install go get github.com/daffainfo/Git-Secret How to Use ./Git-Secret For path contain dorks, you can fill it with some keywords, for example keyword.txt passwordusernamekeysaccess_keys Reference https://github.com/odomojuli/RegExAPI Download Git-Secret

Go-Shellcode – A Repository Of Windows Shellcode Runners And Supporting Utilities

07 Aug 2021 By

go-shellcode is a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques. The available Shellcode runners include: CreateFiber CreateProcess CreateProcessWithPipe CreateRemoteThread CreateRemoteThreadNative CreateThread CreateThreadNative EarlyBird EtwpCreateEtwThread NtQueueApcThreadEx (local) RtlCreateUserThread Syscall Shellcode Utils UuidFromStringA CreateFiber This application leverages the Windows CreateFiber function from the Kernel32.dllRead More

Gitls – Enumerate Git Repository URL From List Of URL / User / Org

13 Mar 2021 By

Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from allRead More

GitDorker – A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks

23 Oct 2020 By

GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I’ve compiled from various sources to provide an overview of sensitive information stored on github given a search query. The Primary purpose of GitDorker is to provide the user with a clean and tailored attack surface toRead More

RepoPeek – A Python Script To Get Details About A Repository Without Cloning It

27 May 2020 By

RepoPeek is a Python script to get details about a repository without cloning it. All the information are retrieved using the GitHub API.Please Note: API requests made by this module aren’t using basic authentication or OAuth. Therefore the rate limit allows for up to 60 requests per hour. Unauthenticated requests are associated with the originatingRead More

Minimalistic-offensive-security-tools – A Repository Of Tools For Pentesting Of Restricted And Isolated Environments

22 May 2020 By

Minimalistic SMB login bruteforcer (smblogin.ps1)A simple SMB login attack and password spraying tool.It takes a list of targets and credentials (username and password) as parameters and it tries to authenticate against each target using the provided credentials.Despite its minimalistic design, the tool keeps track of everything by writing every result into a text file. ThisRead More

X