Yar is a tool for plunderin' organizations, users and/or repositories.
☆239Jan 3, 2021Updated 5 years ago
Alternatives and similar repositories for yar
Users that are interested in yar are comparing it to the libraries listed below
Sorting:
- Search exposed EBS volumes for secrets☆302Apr 24, 2023Updated 2 years ago
- Library Secruity dependency Checker☆12Sep 13, 2019Updated 6 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Signatures for wraith used to detect secrets across various sources☆15Jul 8, 2022Updated 3 years ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆78Mar 4, 2022Updated 4 years ago
- Search for secrets inside user data attached to EC2 instances on multiple AWS accounts☆16Jun 19, 2024Updated last year
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a…☆18May 17, 2020Updated 5 years ago
- take a list of resolved subdomains and output any corresponding CNAMES en masse.☆18Jan 29, 2026Updated last month
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.☆469Nov 14, 2019Updated 6 years ago
- vulnerable single sign on☆150Aug 1, 2024Updated last year
- A tool to hunt for publicly accessible DigitalOcean Spaces☆156Jan 21, 2020Updated 6 years ago
- ☆29Jan 31, 2025Updated last year
- generates weak passwords based on current date☆44Jun 27, 2024Updated last year
- Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.☆1,547Mar 7, 2024Updated last year
- Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.☆3,944Feb 28, 2025Updated last year
- Unofficial WhatCMS API package☆40Mar 25, 2021Updated 4 years ago
- Capture all RabbitMQ messages being sent through a broker.☆32Feb 13, 2021Updated 5 years ago
- Check for know iframeBuster XSS☆12Sep 25, 2024Updated last year
- Generate pentest reports based on github issues.☆16Dec 8, 2022Updated 3 years ago
- Quick Start/Setup of CI/CD for Offensive/Defensive Purposes☆21Sep 4, 2021Updated 4 years ago
- Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.☆1,405Feb 10, 2026Updated 3 weeks ago
- Enumerate information from NTLM authentication enabled web endpoints 🔎☆504Sep 23, 2025Updated 5 months ago
- Collection of exploits/POC for PrestaShop cookie vulnerabilities (CVE-2018-13784)☆48Jul 17, 2018Updated 7 years ago
- Various Python scripts that have come in handy but aren't important enough to get their own repository☆22Feb 18, 2021Updated 5 years ago
- Gorsair gives root access on remote docker containers that expose their APIs☆850Dec 19, 2023Updated 2 years ago
- Simple python script to check against hypothetical JWT vulnerability.☆51Nov 29, 2020Updated 5 years ago
- Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.☆49Jul 20, 2022Updated 3 years ago
- A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.☆43May 1, 2020Updated 5 years ago
- A powerful target reconnaissance framework powered by graph theory.☆419Oct 21, 2022Updated 3 years ago
- Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)☆10Oct 18, 2018Updated 7 years ago
- FestIn - Open S3 Bucket Scanner☆231Dec 4, 2020Updated 5 years ago
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Jan 18, 2022Updated 4 years ago
- Small Python library that makes it easy to exploit race conditions in web apps with Requests.☆161May 22, 2023Updated 2 years ago
- Burp extension to filter JSON on the fly with JQ queries in the HTTP message viewer.☆47Dec 24, 2020Updated 5 years ago
- CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4☆68Feb 3, 2020Updated 6 years ago
- ☆69Jul 18, 2025Updated 7 months ago
- An Open Source Multi Site Automated Social Media Phishing Framework☆153Aug 8, 2019Updated 6 years ago
- A PowerShell script to prevent Sysmon from writing its events☆16Apr 23, 2020Updated 5 years ago