Godson ¯\_(ツ)_/¯'s Projects
A repository that includes all the important wordlists used while bug hunting.
Aquatone results for sites with bug bounties
"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
Tool to check for dependency confusion vulnerabilities in multiple package management systems
Content-Type Research
🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
CrackQL is a GraphQL password brute-force and fuzzing utility.
Payloads for CRLF Injection
Client-Side Prototype Pollution Tools
Fun CTF (capture the flag) security challenges that I've created
Bunch of CTF writeups.
A collection of CTF solutions.
Collections of CTF-WEB-challs mainly for review purposes.
Gather and update all available and newest CVEs with their PoC.
🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
Directory scans
DNS rebind tool with custom scripts
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Create tar/zip archives that can exploit directory traversal vulnerabilities
FirebaseExploiter is a vulnerability discovery tool that discovers Firebase databases that are open and can be exploited. Primarily built for mass hunting bug bounties and for penetration testing.
My subdomain enumeration script. It's unique in the way it is built upon.