Tools

Use lemma to run your tools with a click from the browser

lemma is a tool developed by defparam which allows you to run CLI tools on an AWS lambda. It has two main benefits. One is that it can seamlessly distribute your workload across different workers. The other is that it has a web interface to run CLI tools from within...

Secrets leaked in Postman collections

Trufflehog released a blog post about secrets leaked in Postman collections. Interestingly, they break down how many secrets are leaking and where. https://trufflesecurity.com/blog/postman-carries-lots-of-secrets

JSON crack – visual JSON editor

JSON crack is a great tool for visualising JSONs. You can visually browse the contents and collapse or expand certain parts to make JSON easily browseable. https://jsoncrack.com/editor

cvemap from ProjectDiscovery

How many CVEs do you think were issued last year? 100? 1,000? 10,000? No, 24,804. Or 68 per day. It means “a” CVE doesn’t mean much. We need to find “the” CVE. The cvemap from ProjectDiscovery is there to help us. It indexes CVEs along with attributes like the...

The Find command by @TomNomNom

My terminal workflow improved drastically after watching TomNomNom’s video with STÖK about using many useful bash commands. And it was only 36 minutes… That’s why I’m very happy to see Tom publishing his own videos because I know that he uses tools you and I use daily...

New free SSRF testing tool

@bebiksior created a tool that allows you to test SSRFs really easily. You no longer have to code something yourself if you need to control the HTTP response when testing for SSRFs. And it’s free to use! https://twitter.com/bebiksior/status/1723797751958257786

JS Monitoring implementation

I’ve been hearing about monitoring JS files for years now and I know that I should start doing it. Youssef Sammouda - Meta’s TOP1 hacker told me in my podcast that he chooses his targets based on monitoring JS files. But I still never got to it. Some of the reasons...

Caido catching more traction

For a long time, Burp Suite was basically the HTTP proxy that everyone was using despite the numerous problems we have had with it. However, Burp’s competitor Caido has been getting more and more traction recently and is getting more people on board. I’m happy to see it...