nullenc0de/Cognitohunter external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

nullenc0de/Cognitohunter

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nullenc0de/Cognitohunter)

Close

nullenc0de / CognitohunterView on GitHubMore

• External links
• Readme badge

A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter specializes in dissecting AWS Cognito implementations and performing advanced credential-to-session conversions.

☆21Jan 20, 2025Updated last year

Alternatives and similar repositories for Cognitohunter

Users that are interested in Cognitohunter are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• BlackFan / Burp-Ai-Substitutor

  View on GitHub
  AI Substitutor is an extension for Burp Suite that uses AI functionality to substitute values of HTTP request parameters and headers.
  ☆27Apr 30, 2025Updated 10 months ago
• SorceryIE / cfor_exploit

  View on GitHub
  Exploit script for the CFOR vulnerability using Github's GraphQL API
  ☆23Aug 7, 2024Updated last year
• bytehope / wwe

  View on GitHub
  ☆26Mar 11, 2025Updated last year
• geeknik / test-proxy

  View on GitHub
  Advanced test for proxy & waf
  ☆14Feb 10, 2026Updated last month
• nullenc0de / paramhunter

  View on GitHub
  Looks for parameters in urls
  ☆34Oct 14, 2024Updated last year
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• thalysonz / pentest-flutter-guide

  View on GitHub
  Repository aimed at helping to perform pentests on flutter applications
  ☆18Jul 10, 2024Updated last year
• N0MoreSecr3ts / wraith-signatures

  View on GitHub
  Signatures for wraith used to detect secrets across various sources
  ☆15Jul 8, 2022Updated 3 years ago
• francisconeves97 / jxscout-burp

  View on GitHub
  Burp plugin for jxscout
  ☆20May 12, 2025Updated 10 months ago
• inguardians / ivanti-VPN-issues-2024-research

  View on GitHub
  Invanti VPN Vulnerabilities for Jan - Feb 2024 - Links to Keep it all Organized
  ☆16Feb 15, 2024Updated 2 years ago
• BlackFan / BFScan

  View on GitHub
  Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used …
  ☆245Dec 9, 2025Updated 3 months ago
• jtmpu / PrecompiledBinaries

  View on GitHub
  Precompiled binaries for various projects
  ☆13Nov 6, 2020Updated 5 years ago
• dsecuredcom / dynamic-file-searcher

  View on GitHub
  Tool to scan servers and hosts using dynamic paths.
  ☆21Oct 1, 2025Updated 5 months ago
• trufflesecurity / WhoAmISlack

  View on GitHub
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆41Dec 12, 2023Updated 2 years ago
• ethicalhackingplayground / shodan-grabber

  View on GitHub
  Shodan-Grabber is a Node.js tool for scraping IP addresses and other information from Shodan's web interface. It utilizes Puppeteer for w…
  ☆17Nov 13, 2024Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• doyensec / oidc-ssrf

  View on GitHub
  An Evil OIDC Server
  ☆53Oct 19, 2022Updated 3 years ago
• ecbftw / poc

  View on GitHub
  A collection of published exploits and proof-of-concept code.
  ☆21Dec 19, 2017Updated 8 years ago
• emanuelepicas / OSEP

  View on GitHub
  OSEP - Offsec Expert Professional
  ☆21Jun 23, 2024Updated last year
• Sudistark / BB-Writeups

  View on GitHub
  Will share some interesting writeups here :)
  ☆18Oct 18, 2023Updated 2 years ago
• avlidienbrunn / archivealchemist

  View on GitHub
  Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.
  ☆227Jul 24, 2025Updated 8 months ago
• dsecuredcom / vhost-fuzzer

  View on GitHub
  Tool to fuzz for interesting vhost.
  ☆24Jan 8, 2025Updated last year
• mosesrenegade / PMapper

  View on GitHub
  A tool for quickly evaluating IAM permissions in AWS.
  ☆60Nov 6, 2023Updated 2 years ago
• ShadowHatesYou / whori.sh

  View on GitHub
  Zone transfers for rwhois
  ☆20Feb 27, 2019Updated 7 years ago
• zer0yu / anew

  View on GitHub
  A tool for adding new lines to files, skipping duplicates and written in Rust!
  ☆19May 8, 2025Updated 10 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• dsecuredcom / yataf

  View on GitHub
  yataf extracts secrets and paths from files or urls - its best used against javascript files
  ☆52Sep 11, 2024Updated last year
• tenable / hidden-services-revealer

  View on GitHub
  ☆40Aug 2, 2024Updated last year
• vp777 / metahttp

  View on GitHub
  A bash script that automates the scanning of a target network for HTTP resources through XXE
  ☆37Dec 2, 2020Updated 5 years ago
• k4sth4 / SeLoadDriverPrivilege

  View on GitHub
  Windows Privilege Escalation
  ☆23Jun 7, 2022Updated 3 years ago
• MartinoTommasini / offlineSCCMdecrypt

  View on GitHub
  Step-by-step documentation on how to decrypt SCCM database secrets offline
  ☆50Oct 20, 2025Updated 5 months ago
• AethliosIK / reset-tolkien

  View on GitHub
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆148Dec 9, 2024Updated last year
• dillonfranke / protoburp

  View on GitHub
  Encode and Fuzz Custom Protobuf Messages in Burp Suite
  ☆37Mar 4, 2025Updated last year
• vulnableone / BypassX

  View on GitHub
  The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously.
  ☆27Mar 9, 2024Updated 2 years ago
• cyberaz0r / Burp-IISTildeEnumerationScanner

  View on GitHub
  Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability
  ☆62Jun 12, 2023Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• sandumjacob / IngressNightmare-POCs

  View on GitHub
  CVE-2025-1974
  ☆90Apr 2, 2025Updated 11 months ago
• six2dez / degoogle_hunter

  View on GitHub
  Simple fork from degoogle original project with bug hunting purposes
  ☆91Jun 15, 2022Updated 3 years ago
• Moopinger / smugglefuzz

  View on GitHub
  A rapid HTTP downgrade smuggling scanner written in Go.
  ☆313May 16, 2024Updated last year
• hakaioffsec / navgix

  View on GitHub
  navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities
  ☆73May 20, 2023Updated 2 years ago
• c3l3si4n / subdomain_data

  View on GitHub
  Results from analyzing data gathered from 1.6 billion subdomains
  ☆32Oct 15, 2024Updated last year
• tehryanx / normal.py

  View on GitHub
  Find unicode codepoints to use in normalisation and transformation attacks.
  ☆11Mar 15, 2021Updated 5 years ago
• Damian89 / simple-oob-scanner

  View on GitHub
  Simple tool to test for SSRF/OOB HTTP Read within the Path of a request
  ☆30Aug 2, 2019Updated 6 years ago