gau

gau is a tool that fetches known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain.

jenkinz

jenkinz is a tool to retrieve every build for every job ever created and run on a given Jenkins instance. This allows an attacker to find secrets within logs. For example, read this blog post.

secretz

secretz is a tool that minimizes the large attack surface of Travis CI. It automatically fetches repos, builds, and logs for any given organization. Built during and for research on TravisCI that I participated in.


brute53

brute53 is a tool to bruteforce nameservers when working with subdomain delegations to AWS. Based off Frans Rosén’s talk “DNS hijacking using cloud providers - no verification needed”.


bugbountylink is a URL Shortening service I created. It’s useful for creating redirects on the fly when testing for Server-Side Request Forgery.


TheftFuzzer

TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.


230-OOB

230-OOB is a python script that emulates an FTP server that assists you in achieving file read via Out-of-Band XXE.


xxe.sh

xxe.sh is a tool that generates an XXE payload and a DTD to achieve file read via XXE. It is meant to be used with 230-OOB