Web Application & Android Application Security
Develop Security Testing / Fuzzing Tools
Vulnerability Research and Exploit Development
Participate in Bug Bounty Programs
Parses BurpSuite-Proxy generated XML (intercept history) files into HTML. Some of the functionalities are: Open index.html in your browser. It contains all the results. For more details on each request, click the "Click!" button. StaticFiles.zip contains the JS library files (jQuery, DataTables).
Checks whether the SPF record of a domain exists or not. It basically uses the SPF Query Tool. An SPF record, or Sender Policy Framework (SPF), is an email-authentication technique used to prevent spammers from sending messages on behalf of your domain.
Checks whether wildcard DNS is enabled for a domain. If wildcard DNS is enabled, the domain is not suitable for brute-force subdomain enumeration. If wildcard DNS is disabled, go for brute-force subdomain enumeration.
Checks the A-type DNS records of a domain/subdomain. DNS A records contain the IP address of a domain, specifically the IPv4 address.
A numeric HTML encoder. Converts a string into its HTML-encoded value (using the numeric ASCII values). It is useful in web attacks like HTML/code injection.
Performs a DNS lookup on a given list of domain names and returns their IP addresses. It simply takes a domain list as input (separated by newline '\n') and returns the IP addresses.
Used to detect whether a web server is using HTTP, HTTPS or both. Takes a domain list as input (separated by newline '\n').
A simple Python script which crawls all the anchor tags in a web page. I use this for offline CTF challenges (vulnerable VMs), because the other advanced tools take a bit longer to finish the scan.
Generates PHP code for a reverse shell backdoor. The generated code is based on the Pentestmonkey PHP reverse shell.
A jq wrapper script for parsing JSON files generated by various tools.
Converts all images in Markdown '.md' files into base64-encoded strings. It grabs each image tag, generates the base64 string of the image and then replaces the image path with that string, so it's easy to use, move or blog Markdown files without the hassle of moving all the image files along with them. It works on png, jpg, jpeg and gif files.
Some shell scripts to start and stop the docker containers.
SecureBitLabs is a boutique penetration testing company with a focus on network, cloud, and web/mobile application penetration testing services. As a deep-dive security testing provider, we uncover vulnerabilities which put your organization at risk, and provide guidance to mitigate them. We bring together security research, proprietary technologies, and industry-leading security engineers to create the best penetration testing firm in the industry. So whether your focus is the external network, complex web applications, the AWS cloud, or social engineering testing, we have the specialists to fit your unique needs.