Fast subdomain scanner, Takes arguments from a Json file (“args.json”) and outputs the subdomains. File Structure core/ db/ README.md LICENCE subx.py args.json Installation ▶ git clone https://github.com/whoamisec75/subx.git ▶ cd subx ▶ python3 subx.py Usage First add domain, concurrency, wordlist in args.json: { “domain”: “google.com”, “concurrency”: 40, “wordlist”: “db/wordlist.txt” } Now run    

AutoExploitSwagger 是一款可以跟xray，BurpSuite等扫描器结合的自动化API安全测试利用工具。可以在日常安全检查或者利用Swagger信息泄漏的场景下使用。 下载 git clone https://github.com/wyzmlr/AutoExploitSwagger.git 安装 cd AutoExploitSwagger/ pip install -r requirements.txt python start.py -h 使用帮助 python start.py -h Swagger API 自动化扫描工具 optional arguments: -h, –help show this help message and exit -u TARGET_URL, –url TARGET_URL swagger api地址 -i PROXY_IP, –ip PROXY_IP proxy ip    

Scanner to find .env file and .git repository exposure on multiple hosts Because of the response code from some hosts, it may have some false positives. requests and argparse pip3 install -r requirements.txt Be careful with the output filename as it can be deleted if duplicated python3 git_scan.py -t hosts.txt -o results.txt -f git or env GitHub https://github.com/scarmandef/git-mass-scan