secretz

secretz is a tool that minimizes the large attack surface of Travis CI. It automatically fetches repos, builds, and logs for any given organization. Built during and for research on TravisCI that I participated in.


brute53

brute53 is a tool to bruteforce nameservers when working with subdomain delegations to AWS. Based off Frans Rosén’s talk “DNS hijacking using cloud providers - no verification needed”.


bugbountylink is a URL Shortening service I created. It’s useful for creating redirects on the fly when testing for Server-Side Request Forgery.


TheftFuzzer

TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.


230-OOB

230-OOB is a python script that emulates an FTP server that assists you in achieving file read via Out-of-Band XXE.


xxe.sh

xxe.sh is a tool that generates an XXE payload and a DTD to achieve file read via XXE. It is meant to be used with 230-OOB