- Zagreb, Croatia
- https://hr.linkedin.com/in/ivan-sincek
- @IvanSincek
Highlights
- Pro
-
property-lister Public
Extract and convert property list files from SQLite database files and from other property list files.
-
scrapy-scraper Public
Web crawler and scraper based on Scrapy and Playwright's headless browser.
-
chad Public
Search Google Dorks like Chad. / Broken link hijacking tool.
-
file-scraper Public
Scrape files for sensitive information, and generate an interactive HTML report. Based on Rabin2.
-
Work in progress...
-
nagooglesearch Public
Not another Google searching tool.
-
bot-safe-agents Public
A library for fetching a list of bot-safe user agents.
-
amounts Public
Generate a wordlist to fuzz amounts or any other numerical values.
-
Work in progress...
-
-
go-actions Public archive
Golang SAST workflows.
-
forbidden Public
Bypass 4xx HTTP response status codes and more. Based on PycURL and Python Requests.
-
browser-extension-automation Public
Run a browser extension in a sandboxed web browser and without any fear of corrupting or loosing your real data.
-
solidity-learning Public
Work in progress...
-
Work in progress...
-
malware-apk Public
Are your bug bounty reports getting rejected because you don't use a "malicious" PoC app to exploit the vulnerabilities? I've got you covered!
-
xss-catcher Public
Simple API for storing all incoming XSS requests and various XSS templates.
-
Work in progress...
-
dns-exfiltrator Public
Exfiltrate data with DNS queries. Based on CertUtil and NSLookup.
-
jwt-bf Public archive
Brute force a JWT token. Script uses multithreading.
-
mixaudit-sarif Public archive
Convert MixAudit's JSON formatted results to SARIF format.
-
php-reverse-shell Public
PHP shells that work on Linux OS, macOS, and Windows OS.
-
python-actions Public archive
Python SAST workflows.
-
transporter Public archive
Send packets through raw sockets.
-
domain-extractor Public archive
Extract valid or partially valid domain names and IPs from malicious or invalid URLs.
-
java-reverse-tcp Public
JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.
-
keylogger Public archive
Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
-
websocket-bf Public archive
Brute force a REST API query through WebSocket. Based on cURL.
-
dnsrecon-chunked Public archive
Brute force subdomains in multiple smaller iterations. Based on DNSRecon.
-
send-tcp-payload Public archive
Send a payload through TCP.