Dhruv Kandpal's Projects
All about bug bounty (bypasses, payloads, and etc)
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
This tool aims at accumulating javascript files from a given set of subdomains to discover hidden endpoints. It swims through JS files to find more JS files. It also creates a target-specific wordlist from the JS-files for further content discovery and dumps all the discovered JS files neatly in a folder for static analysis.
This tool generates random codes for brute-forcing pattern type pass codes.
Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all false positives and sends only legitimate results to burpsuite.
Mal-O-Not: Malicious Entity Detector
This repository will contain a CLI version of the project - Mal-OR-Not. The aim is to implement it using docker to learn something new.
Corelan Repository for mona.py
I will be posting codes for pentesting written in golang!
This project aims at creating a wordlist with permuation of paths from a set of URLs
This project aims at training/educating employees about real-life phishing attack scenarios by carrying out simulated spear-phishing attacks.
I am learning Golang! I will be posting my Go programs over here.
The project aims at building a Scan-Time Crypter that can assist a malware in bypassing antivirus software. The Crypter will open the malware from the disk while creating another output file to the disk. The Crypter will then extract the contents from the malware and obfuscate them using XOR encryption algorithm. The obfuscated contents will then be written to the previously created output file. When the obfuscated file is opened by the victim, the Crypter will then start the de-obfuscation process by using the same key it used to encrypt it in the first place.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
The project aims at creating target-specific wordlists for any web application that you are testing.
Brute force WordPress sites vulnerabile to XML-RPC amplification.