description: Collection of content discovery wordlists in one wordlist. url: https://github.com/sandman4812av/971-MB-content_discovery_wordlist description: Python APT Backdoor url: https://github.com/sandman4812av/AbsoluteZero description: An advance keylogger that works and also logs special keys including uppercase letters as well. url: https://github.com/sandman4812av/Absorber description: All reasonably stable tools url: https://github.com/sandman4812av/AllTools description: Blind SQL Injection Tool with Golang url: https://github.com/sandman4812av/andor description: 🔒 Anti DDOS | Bash Script Project 🔒 url: https://github.com/sandman4812av/Anti-DDOS description: A wordlist of API names for web application assessments url: https://github.com/sandman4812av/api_wordlist description: A Tool for Domain Flyovers url: https://github.com/sandman4812av/aquatone description: HTTP parameter discovery suite. url: https://github.com/sandman4812av/Arjun description: Find domains and subdomains related to a given domain url: https://github.com/sandman4812av/assetfinder description: AntiVirus Evasion Tool url: https://github.com/sandman4812av/avet description: :computer: An awesome & curated list of best applications and tools for Windows. url: https://github.com/sandman4812av/Awesome description: List of Awesome Asset Discovery Resources url: https://github.com/sandman4812av/Awesome-Asset-Discovery description: A curated list of amazingly awesome Burp Extensions url: https://github.com/sandman4812av/awesome-burp-extensions description: Awesome Burp Suite Resources. 400+ open source Burp plugins, 500+ posts and videos. url: https://github.com/sandman4812av/awesome-burp-suite description: A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff. url: https://github.com/sandman4812av/awesome-cpp description: Awesome Hacking Tools url: https://github.com/sandman4812av/Awesome-Hacking-Tools description: 🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻 url: https://github.com/sandman4812av/awesome-shodan-queries description: 🔥 A curated list of awesome web-application firewall (WAF) stuff. url: https://github.com/sandman4812av/Awesome-WAF description: A list of web application security url: https://github.com/sandman4812av/awesome-web-hacking description: 🐶 A curated list of Web Security materials and resources. url: https://github.com/sandman4812av/awesome-web-security description: PHP Webshell with handy features url: https://github.com/sandman4812av/b374k description: Use bass to maximize your resolver count when using tools like massdns to resolve your target list. Add anywhere from 100 to 4k resolvers to your current resolver list & scale your target list url: https://github.com/sandman4812av/bass description: Free advanced and modern Windows botnet with a nice and secure PHP panel. url: https://github.com/sandman4812av/BlackNET description: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website. url: https://github.com/sandman4812av/BlackWidow description: Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF . url: https://github.com/sandman4812av/Blazy description: Automatically exploit time-based blind SQL injection vulnerabilities. url: https://github.com/sandman4812av/blindpie description: Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). url: https://github.com/sandman4812av/Blisqy description: BurpSuite extension for Repeater tool that renders responses in a real browser. url: https://github.com/sandman4812av/browserRepeater description: Bruteforce database url: https://github.com/sandman4812av/bruteforce-database description: Bruteforce HTTP Authentication url: https://github.com/sandman4812av/bruteforce-http-auth description: Let's find someone's account url: https://github.com/sandman4812av/brutemap description: A collection of scripts to extend Burp Suite url: https://github.com/sandman4812av/burp-extensions description: Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST). url: https://github.com/sandman4812av/burpa description: burp-http请求转发至其他模块的插件 url: https://github.com/sandman4812av/BurpHttpForwardRequests description: GUI Burp Plugin to ease discovering of security holes in web applications url: https://github.com/sandman4812av/BurpSentinel description: Burp Suite extension to discover assets from HTTP response. url: https://github.com/sandman4812av/BurpSuite-Asset_Discover description: Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters. url: https://github.com/sandman4812av/bypass-firewalls-by-DNS-history description: This small utility retrieves from the CommonCrawl data set unique subdomains for a given domain name. url: https://github.com/sandman4812av/CCrawlDNS description: A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. url: https://github.com/sandman4812av/chomp-scan description: Checks using a test string if a Cloudflare DNS bypass is possible using CloudFail. url: https://github.com/sandman4812av/Cloudcheck description: 🔎 Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys. url: https://github.com/sandman4812av/CloudFlair description: A static PHP library which allows you to bypass the CloudFlare UAM page (Under Attack Mode). url: https://github.com/sandman4812av/cloudflare-bypass description: CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 150 other CMSs url: https://github.com/sandman4812av/CMSeeK description: null url: https://github.com/sandman4812av/commando-vm description: Automated All-in-One OS command injection and exploitation tool. url: https://github.com/sandman4812av/commix description: CORS Misconfiguration Scanner url: https://github.com/sandman4812av/Corsy description: Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request. url: https://github.com/sandman4812av/CredsLeaker description: Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools. url: https://github.com/sandman4812av/crowbar description: Yet another subdomain finder url: https://github.com/sandman4812av/crtndstry description: Common User Passwords Profiler (CUPP) url: https://github.com/sandman4812av/cupp description: double-free bug in WhatsApp exploit poc url: https://github.com/sandman4812av/CVE-2019-11932 description: Selenium script to delete all of your Facebook wall posts url: https://github.com/sandman4812av/DeleteFB description: Extract endpoints from apk files. url: https://github.com/sandman4812av/Diggy description: An advanced web directory scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。 url: https://github.com/sandman4812av/dirmap description: DNCI - Dot Net Code Injector url: https://github.com/sandman4812av/DNCI description: dns rebind tool with custom scripts url: https://github.com/sandman4812av/dns-rebinding-tool description: Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's your very own discovery side kick, the Dr. Watson to your Sherlock! url: https://github.com/sandman4812av/Dr.-Watson description: Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search. url: https://github.com/sandman4812av/EagleEye description: A OSINT tool to obtain a target's phone number just by having his email address url: https://github.com/sandman4812av/email2phonenumber description: Bash Enumeration Script url: https://github.com/sandman4812av/Enumeration-Script description: Enumeration sub domains(枚举子域名) url: https://github.com/sandman4812av/ESD description: Pwn stuff. url: https://github.com/sandman4812av/exploits description: Facebook Brute Forcer in shellscript using TOR url: https://github.com/sandman4812av/facebash description: Facebook_Account_Creation_With_SeleniumWebdriver_and_Python url: https://github.com/sandman4812av/Facebook_Account_Creation description: Facebook Information url: https://github.com/sandman4812av/fbi description: Fast web fuzzer written in Go url: https://github.com/sandman4812av/ffuf description: Tool for exploration and tracing of the Windows kernel url: https://github.com/sandman4812av/fibratus description: A tool that help you to guess how your shell was renamed after the server-side script of the file uploader saved it url: https://github.com/sandman4812av/fileGPS description: A tool that use Certificate Transparency logs to find subdomains. url: https://github.com/sandman4812av/findomain description: null url: https://github.com/sandman4812av/FotoSploit description: 一个主要用于信息搜集的工具集,主要是用于对网站子域名、开放端口、端口指纹、c段地址、敏感目录等信息进行批量搜集。 url: https://github.com/sandman4812av/FuzzScanner description: Ghazi is a BurpSuite Plugins For Testing various PayLoads Like \XSS,SQLi,SSTI,SSRF,RCE and LFI\ through Different tabs , Where Each Tab Will Replace Every GET or POST Parameters With Selected TAB in \Proxy\ or \Repeater\ TAB url: https://github.com/sandman4812av/Ghazi description: 🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind url: https://github.com/sandman4812av/GitHacker description: GoldenEye Layer 7 (KeepAlive+NoCache) DoS Test Tool url: https://github.com/sandman4812av/GoldenEye description: GoLismero - The Web Knife url: https://github.com/sandman4812av/golismero description: HackBar plugin for Burpsuite v1.0 url: https://github.com/sandman4812av/HackBar description: All in One Hacking Tool for Linux & Android url: https://github.com/sandman4812av/hacktronian description: Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application url: https://github.com/sandman4812av/hakrawler description: A fast http and https prober, to check which URLs are alive url: https://github.com/sandman4812av/halive description: Hamburglar -- collect useful information from urls, directories, and files url: https://github.com/sandman4812av/Hamburglar description: Modern Phishing Tool With Advanced Functionality [ Android-Support-Available ] url: https://github.com/sandman4812av/HiddenEye description: Multithreaded Host Header Redirection Scanner url: https://github.com/sandman4812av/hostinjector description: HTTPFuzzer is a simple python script to perform multiple fuzzing techniques for HTTP protocol url: https://github.com/sandman4812av/HTTPFuzzer description: 一款快速修改HTTP数据包头的Burp Suite插件 url: https://github.com/sandman4812av/HTTPHeadModifer description: Take a list of domains and probe for working HTTP and HTTPS servers url: https://github.com/sandman4812av/httprobe description: Blind WAF identification tool url: https://github.com/sandman4812av/identYwaf description: Seven different DLL injection techniques in one single project. url: https://github.com/sandman4812av/injectAllTheThings description: null url: https://github.com/sandman4812av/injection description: Windows process injection methods url: https://github.com/sandman4812av/injection-1 description: Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request. url: https://github.com/sandman4812av/IPRotate_Burp_Extension description: finds publicly known security vulnerabilities in a website's frontend JavaScript libraries url: https://github.com/sandman4812av/is-website-vulnerable description: JAWS - Just Another Windows (Enum) Script url: https://github.com/sandman4812av/JAWS description: null url: https://github.com/sandman4812av/jsearch description: Windows kernel hacking framework, driver template and API written on C++ url: https://github.com/sandman4812av/Kernel-Bridge description: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. url: https://github.com/sandman4812av/keyhacks description: Knock Subdomain Scan url: https://github.com/sandman4812av/knock description: LaravelN00b .env Scanner url: https://github.com/sandman4812av/laravelN00b description: Local file inclusion exploitation tool url: https://github.com/sandman4812av/liffy description: A python script that finds endpoints in JavaScript files url: https://github.com/sandman4812av/LinkFinder