Tools designed for UNSW's COMP6443 / 6483 course (WebApp Security)
These tools were not optimized much and were written on-the-fly to meet the demand.
- arbitrary_code_injection - arbitrary code execution. See one of the tapes to get an idea of what it is 😊
- crash_your_browser_or_server - with a good chance (~10%) crashes your browser if not the whole OS! Thanks gent
- Misc - Things I was working on but not too exciting/never got time to finish
- bruteGetIPs - brutes the IP addresses on the dns ns.agency website. Takes one argument, the URL
- bruteBing - brutes the ns.agency's pastebin knockoff on pastebing.ns.agency for the pastes encoded via the Base62 scheme. Takes two arguments, the URL and the number of (remaining) base62 places to brute
- bruteBing++ - bruteBing with smarts
- gent - generates text within the range and copies it to clipboard (for future use)
- intelBing - a not-so-successful attempt at gathering pastebing logic information by spamming pastes
- 🚗peekRive - dumps bing drive pastes via peeker-seeker
- 🚗peekRive_reverse - reverse-dumps bing drive by reverse user lookup from classic peekRive
- 🚗🚗riveSafe - a tool to shame both drives and safes
- XSS - everything related to XSS
- zeroBing - a previously private, but now successful tool for attacking pastebing via rubbish data overflow
- ⛰️patch-last - Blue-team code patching assignment, the last task for COMP6843/6443.
- miniHTTPCatcher - Simple yet powerful pentesting HTTP server on Python 2
- git-dumper - Dumps .git directories where present. Helped me greatly a couple of times
- dnsrecon - DNS subdomain bruteforcer
- clone-gists.py - Dump all of someone's gists via the API
- primefac fork - VERY Fast prime factorisation. Use -v flag
- Flask Session Cookie Decoder/Encoder - Encode and decode bloody Flask cookiez. Opened a PR with great changes, see if I get approved 😊
- baseconv - A small but surprisingly useful script for (abstract) base conversion. Aside from converting to "whatever" base, helps to convert to the local weird encoding, such as here or on quickdecoder
- Nmap - Port scanning and service pentesting tool
- sqlmap - I'll kill you all! In the sequel!
- Burp - Intercept all traffic w/o messing with WireShark
- WireShark - Low-level packet analytics tool
- Tor - Humanity's worst challenger
- kitty - great fork of putty
- ⚽EditThisCookie - Edit Chrome cookies
- 🦊Cookie Editor - Edit Firefox cookies
- ⚽Proxy SwitchyOmega - Force Chrome to use proxy
- 🦊Proxy SwitchyOmega - Force Firefox to use proxy
- 🌈View Page Archive & Cache - Check if any online archive would leak anything worthy (Chrome, Firefox, Opera)
- 🌈Violentmonkey - Violent user scripts in your browser
- 🦊Cookie Quick Manager - Advanced cookie tools incl. cookie automation.
- CentralOps - Online DNS and WHOIS lookup tools
- IpLocation - IP location
- NIC - Russian WHOIS service. May produce different results as the authoritaristic DNS alternative emerges
- dencoder - URL encoder and decoder
- dcode.fr - 6441 staff hate him! Because of this ONE simple trick!
- PayloadsAllTheThings - Swiss army knife for injections and what not
- Testing for Reflected Cross site scripting - information on XSS
- 9k - kill the Windows 98
- Flask core - core used by COMP6443
- Cheat engine for Linux - Direct access via /proc folder
- AHK for linux - archive.org
- Executable arguments' blind but smart bruteforcer (both Linux and Windows)
- WinHex analytics bundles for linux