Contributions to the Open Source community.

Cheat sheet

Github I maintain a technical cheat sheet here.

Projects to which I actively contribute

SecLists

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Github Sources.

Projects created and maintained

  • Github The complete list of all projects created is here.
  • Github Shared code snippets are here.

Burp PIPER custom scripts repository

Centralize and share all my custom scripts to be used with the PIPER Burp extension.

Github Sources.

Docker toolbox for web pentest

Docker image, updated every day, containing several tools that are useful when evaluating the security of a web application.

Github Sources.

PowerShell Android module

Utility PowerShell module for manipulating APK files on Windows.

Github Sources.

BURP Extension to create an audit trail log

Record every HTTP request sent via BURP and create an audit trail log of an assessment.

Github Sources.

Tool to automate the passive reconnaissance performed on a website prior to an assessment

Automate, when possible, the passive reconnaissance performed on a website prior to an assessment - no direct hit on the target.

Also used to guide a reconnaissance phase by defining all the steps (manual or automated) that must be performed.

Github Sources.

Tool to generate a dictionary based on robots.txt files

Script generating a dictionary containing the most common DISALLOW clauses from the robots.txt files found on the CISCO Top 1 million sites.

Github Sources.