szski / shapeshifter
GraphQL security testing tool
☆113Updated 2 years ago
Related projects: ⓘ
- Continuous monitoring for JavaScript files☆216Updated 4 years ago
- Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers …☆141Updated 5 months ago
- MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts☆77Updated last year
- ☆125Updated this week
- GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fing…☆198Updated last year
- List HackerOne private program assets☆148Updated 3 years ago
- Burp Suite Extension to monitor new scope☆195Updated 3 years ago
- SSRF testing tool☆242Updated last year
- Predict Mongo ObjectIds☆125Updated 6 years ago
- GraphQL security workshop labs☆100Updated 2 months ago
- Adds a customizable "Send to..."-context-menu to your BurpSuite.☆147Updated last year
- ☆108Updated 3 years ago
- The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources☆121Updated 3 years ago
- A permutation generation tool written in golang☆206Updated 5 years ago
- Suite of programs meant to aid in bug hunting and security assessments☆75Updated 4 years ago
- A tool geared towards pentesting APIs using OpenAPI definitions.☆167Updated last year
- Push notifications for passive DNS data☆105Updated 8 years ago
- ☆72Updated 2 years ago
- Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures t…☆204Updated 4 years ago
- You can read the writeup on this script here☆192Updated 2 years ago
- Cross Origin Resource Sharing MisConfiguration Scanner☆168Updated 2 years ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆252Updated last year
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆130Updated 3 years ago
- Scripts to help with different ffuf tasks and workflows☆211Updated 8 months ago
- Fresh DNS servers☆83Updated this week
- Takeover AWS ips and have a working POC for Subdomain Takeover.☆88Updated 5 months ago
- a .js scanner, built in php. designed to scrape urls and other info☆203Updated 7 years ago
- Brute force AWS bucket finder☆58Updated last year
- ASN reconnaissance script☆121Updated 7 months ago
- Automatic tool for DNS rebinding-based SSRF attacks☆292Updated 4 years ago