alifathi-h1 / gh_scanner
GH Scanner Tool is written in Python3 and designed for penetration testers and bug bounty hunters to scan Organization/User repositories for leaks such as GitHub Token, AWS Access Keys, Slack Webhooks, Firebase, Private Keys and more.
☆33Updated 6 months ago
Related projects ⓘ
Alternatives and complementary repositories for gh_scanner
- Turns a list of URLs into hostnames.☆16Updated last year
- #JavascriptRecon #bugbounty☆22Updated 3 years ago
- It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.☆55Updated 2 years ago
- My Custom made Nuceli-Templates☆23Updated last year
- Magic Header Blind Xss tool (deliver blind xss payloads in request headers).☆27Updated 3 years ago
- A collection of famous recon public scripts, but in bash <3☆27Updated 3 years ago
- Shodan Favicon Hash Generator By Aziz Hakim @eternyle☆24Updated 5 months ago
- A modular URL deduplication tool.☆18Updated last year
- Burpsuite Plugin to detect Directory Traversal vulnerabilities☆28Updated 3 years ago
- Returns disallowed paths from robots.txt found on your target domain and snapshotted by the Wayback Machine☆26Updated 2 years ago
- Some wordlists collected form github to all bug bounty hunters.☆27Updated 3 years ago
- An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.☆43Updated 3 years ago
- Extracting api keys and secrets by requesting each url at the your list.☆16Updated 4 months ago
- Host Header Injection Checker☆79Updated 2 years ago
- Tool for making it easy to collect dns results from the CLI☆39Updated 3 months ago
- SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.☆38Updated 3 years ago
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files☆36Updated 3 years ago
- Dump all available paths and/or endpoints on WADL file.☆90Updated 2 weeks ago
- It grep subdomains, email/username, build custom wordlist etc from gau results☆45Updated 2 years ago
- KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Po…☆58Updated 3 years ago
- ☆14Updated 3 years ago
- Extract endpoints marked as disallow in robots files to generate wordlists.☆54Updated 2 years ago
- sub domain wild card filtering tool☆41Updated 4 years ago
- ☆21Updated 3 years ago
- Resolvers updated daily for reconftw☆46Updated last year
- Multithreaded Host Header Redirection Scanner☆12Updated 4 years ago
- ☆24Updated 3 years ago