strawp/README.md

I'm a CHECK Team Leader web app pentester and I largely build quick and dirty scripts to exploit web vulnerabilities. Some of my stuff is also in /nettitude.

Highlights:

  • pwnlyoffice - Exploit ONLYOFFICE vulnerabilities for RCE
  • xss_payloads - Do better than alert(1)
  • zeropress - Dumb script for finding dumb PHP mistakes
  • version-detective - Work out a target site's framework version using git
  • Random Scripts - A few surprisingly useful tools that get used in pentests quite a lot
  • swagger-hose - Ingest a whole bunch of swagger docs and squirt requests in to speed up pentest triage / fuzzing

You can reach me on:

Popular repositories

  1. web-shells Public

    Web shells for use in penetration testing

    Shell 39 19

  2. random-scripts Public

    Quick and dirty scripts that don't really belong in a larger project

    Python 34 10

  3. greedy-git Public

    Forked from sbp/gin

    Tool for analysing remote git repos accidentally shared by web devs

    Python 29 2

  4. autotrader-miner Public

    Single-user site for mining Autotrader.co.uk data and providing more useful searches for cars

    PHP 19 1

  5. poisonpen Public

    Python tool for creating malicious Office docs

    Python 6 5

  6. version-detective Public

    Use git and static files to determine a web application's middleware version

    Python 3