Projects

Below some of projects I’m really proud of. Mainly developed to help me in bug hunting, you can find them all and much more on my GitHub profile. Feel free to clone and update them as much as you want to fit your own needs.



offsec.tools

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming. Curated by the community, feel free to add your own tool and subscribe the newsletter. link



DataExtractor

DataExtractor

A Burp Suite extension to extract data from source code while browsing. Useful to find secrets, subdomains, endpoints and whatever your imagination wants. link



github-regexp

github-*

A collection of scripts to find data on GitHub: secrets, subdomains, endpoints, employees... link



related-domains

related-domains

Find related domains of a given domain. Useful to expand your attack surface when you target big companies or when you lack of success on the main scope. link



cloudflare-origin-ip

cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare. The origin IP will help you to bypass the protections in place, so you can perform all kind of attacks you want. link



favicon-hashtrick

favicon-hashtrick

This Python tool calculates the hash of a given image (a favicon file or url) and then performs a search on Shodan to find webapps that use the same favicon. This is very useful to find subdomains during the recon process. link



csp-analyzer

csp-analyzer

This Python tool displays the Content-Security-Policy header of a given URL in a pretty way. The colors show the "severity" of the potential issue. link

…and much more here.