GitBleed Tools – for extracting data from mirrored git repositories This repo contains shell scripts that can be used to download and analyze differences between cloned and mirror Git repositories....
poro Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databases EC2 instances Redshift Databases Install Prerequisites AWS...
frogy – subdomain enumeration script My goal is to create an open-source Attack Surface Management solution and make it capable to find all the IPs, domains, subdomains, live websites, login...
s3sec Test AWS S3 buckets for read/write/delete access This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes...
Nuclei – Burp Extension A simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues. Installation Load the extension to burp Download...
GitLab Watchman GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally. Features It searches GitLab for internally shared projects...
DotGit An extension for checking if .git is exposed in visited websites Features Check if a .git/.svn/.hg folder exists for each site you visit Check if a .env file exists...
darvester PoC Discord user and guild information harvester Data logged for each user: Users’ profile created date, and first seen date Users’ display name and discriminator Users’ user ID Users’...
dora Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found. Features Blazing fast as we are using ripgrep in the...
Driftwood Driftwood is a tool that can enable you to look up whether a private key is used for things like TLS or as a GitHub SSH key for a...
sigurlfind3r A passive reconnaissance tool for known URLs discovery – it gathers a list of URLs passively using various online sources. Features Collect known URLs: Fetches from AlienVault’s OTX, Common Crawl, URLScan, Github, and the Wayback...
Second Order Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way. Usage...
gh-dork – Github dorking tool Supply a list of dorks and, optionally, one of the following: a user (-u) a file with a list of users (-uf) an organization (-org)...
STEWS: Security Testing and Enumeration of WebSockets STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US 2021 Features STEWS provides...
gitrecon OSINT tool to get information from a Github or Gitlab profile and find user’s email addresses leaked on commits. How does this work? GitHub uses the email address associated...
Support Securityonline.info site. Thanks!
