nielsing / yar
Yar is a tool for plunderin' organizations, users and/or repositories.
β231Updated 3 years ago
Related projects: β
- Find cloud assets that no one wants exposed π βοΈβ330Updated 4 years ago
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.β215Updated 3 months ago
- A tool for automatically gathering sensitive information from exposed Jenkins serversβ103Updated last year
- Monitors Github for leaked secretsβ188Updated last month
- An open source intelligence tool to crawl the graph of certificate Alternate Namesβ341Updated 7 months ago
- secretz, minimizing the large attack surface of Travis CIβ321Updated 2 years ago
- Search exposed EBS volumes for secretsβ278Updated last year
- A tool for identifying misconfigured CloudFront domainsβ342Updated 4 years ago
- β298Updated this week
- Benchmarking repo for secrets scanningβ229Updated last month
- These are the regexes that power truffleHogβ209Updated last year
- A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.β552Updated last year
- Declarative penetration testing orchestration frameworkβ288Updated 4 years ago
- A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover supportβ288Updated last month
- Finding exposed secrets and personal data in GitLabβ195Updated last year
- an asynchronous target enumeration toolβ239Updated last year
- barq: The AWS Cloud Post Exploitation framework!β385Updated last year
- A tool to enumerate S3 buckets manually or via certstreamβ80Updated last year
- FestIn - Open S3 Bucket Scannerβ227Updated 3 years ago
- Burp with Friendsβ99Updated last year
- rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessmentsβ242Updated 4 years ago
- Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Applicaβ¦β480Updated 6 years ago
- DNS Rebinding Exploitation Frameworkβ479Updated 3 years ago
- Python automation of Docker.sock abuseβ210Updated last year
- A collection of useful Serverless functions I use when pentestingβ379Updated last year
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.β393Updated 4 years ago
- π° A Python script for AWS S3 bucket enumeration.β137Updated last year
- Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspaceβ725Updated 3 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rulesβ37Updated 3 years ago