bthrx Goto Github PK

0install-exegol

A bash script that will automatically install Bug Hunting tools used for recon, modified to work in Exegol

android-reports-and-resources

A big list of Android Hackerone disclosed reports and other resources.

android_app_security_checklist

Android App Security Checklist

arjun

HTTP parameter discovery suite.

awesome-burp-extensions

A curated list of amazingly awesome Burp Extensions

awesome-google-vrp-writeups

🐛 A list of writeups from the Google VRP Bug Bounty program

bugbountymethodologynotes

cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

crawljax

Crawljax: Crawling Dynamic (JavaScript-based) Web Applications

cvss_calculator

CVSS Calculator - a burp suite extension for calculating CVSS v2 and v3 scores of vulnerabilities.

deeplink-fuzz.sh

A Bash wrapper for radamsa that can be used to fuzz exported activities and deep links.

exegol-image

Custom exegol image with some tools for Web app, Mobile, and API security testing.

fabric

fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.

firebaseenum

Tool to mass analyse potentially exposed Firebase databases on Android apps

garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

get_schemas

Print out URL schemas from an Android app

gitleaks

Scan git repos (or files) for secrets using regex and entropy 🔑

goldennuggets-1

Burp Extension for easily creating Wordlists

ipfuscator

IPFuscator - A tool to automatically generate alternative IP representations

l1b3rt45

J41LBR34K PR0MPT5

logseq-rss-reader-link-to-journal

Fork of logseq-rss-reader that automatically downloads the RSS feed to a page and links it to your daily journal based on the date.

logseq-todo-journal-edition

A forked version logseq-plugin-todo that gets rid of the task menu and just puts the tasks into your daily journal with the categories Today, Upcoming, and Anytime as headers.

magiskbypasscertificatetransparencyerror

This module configures the chrome flag --ignore-certificate-errors-spki-list, this bypasses the NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED cert error produced by Certificate Transparency (CT) introduced in Chrome v99

marijuana.php-docker

Defanged Marijuana.php shell that originally sent an email out with server information to a specified email address which has been removed. One docker image has zero protection, and the other uses custom modsecurity WAF rules to prevent access to the shell. This version of marijuana.php comes from Malware Bazaar and was uploaded 2023-03-28 14:21.

mobileapp-pentest-cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

owasp-mstg

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

paramspider

Mining parameters from dark corners of Web Archives

pastebin-scraper

Pastebin-scraper tool leverages the API of https://psbdmp.ws/ to find emails/domains dumped in pastebin.

pentestmonkey-cheatsheets

modified content from pentestmonkey.net

planchette

AI Tool for Testing Web App Vulnerabilities