himanshu joshi's Projects
Config files for my GitHub profile.
Generates permutations, alterations and mutations of subdomains and then resolves them
A Tool for Domain Flyovers
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain. Feel free to fork, and add your own tools.
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Awesome XSS stuff
A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
A list of interesting payloads, tips and tricks for bug bounty hunters.
Burpsuite Extension to bypass 403 restricted directory
"Can I take over XYZ?" ā a list of services and how to claim (sub)domains with dangling DNS records.
this tool is inspired by shifa123/chaos-hunt you don't need to wait for api key by chaos project discovery to discover assets when using this tool
Prototype Pollution and useful Script Gadgets
š Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Content discovery wordlists generated using BigQuery
exploit code for F5-Big-IP (CVE-2020-5902)
CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE
This is meant to assist people looking for entry level Cybersecurity jobs, as well as study up on skills that they can put on their resume.
šš¦ DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
Tool to automate recon
Jekyll theme based on Freelancer Start Bootstrap theme
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
šµļøāāļø Investigate Google Accounts with emails.
exploit for ImageMagick's uninitialized memory disclosure in gif coder
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Customisable and automated HTTP header injection
Tutorials and Things to Do while Hunting Vulnerability.