Scaffolded from one-multi-repos:
automated submodule setup + GitHub Actions for keep-up-to-date modules.
This is my personal companion repo I take with me on new machines where I need to perform security testing. As long as I pull this, I know it will have all other repos updated.
I called it "companion" as with it it brings hackers' most underrated friends: wordlists, payloads, dictionaries and so on.
Being public this is limited to public repositories only. If you like me need to have all your secret and private weapones as well, you can just apply this concept like I have.
Say you have custom dictionaries, payloads, exploits all sitting on private repositories, just repackage it all together in a "final companion" so it will have:
- all your private "companions"
- the "public" companion (for me, HackPanion)
git clone --recursive --depth 1 git@github.com:gosirys/hackPanion.git
git pull --recurse-submodules --depth=1
| Repository | Stars | Activity | Description |
|---|---|---|---|
| PayloadsAllTheThings | 65.1k | High | A curated list of payloads and bypasses for web application security testing and pentests. |
| SecLists | 62.6k | High | A comprehensive collection of usernames, passwords, URLs, fuzzing payloads, web shells, and more for security assessments. |
| bruteforce-lists | 1.3k | Low | Wordlists and data files tailored for brute-forcing various targets. |
| fuzzDicts | 7.9k | Low | Ready-to-use dictionaries designed specifically for web application fuzzing. |
| leaky-paths | <1k | Low | Known sensitive or misconfigured paths and endpoints for rapid content discovery. |
| many-passwords | <1k | Low | Default and common credential lists for IoT devices, admin panels, and embedded systems. |
| resolvers | <1k | High | An exhaustive, validated list of reliable public DNS resolvers. |
| wordlists | 1.5k | Medium | A curated collection of real-world wordlists for reconnaissance and brute-forcing. |
| GAP-Burp-Extension | <1k | Low | A Burp Suite extension that discovers endpoints, parameters, and generates custom target wordlists. |
| BurpSuiteSharpener | <1k | Low | UI and usability enhancements for Burp Suite, improving tab management and styling. |
| LoggerPlusPlus | <1k | Low | A multithreaded logging extension for Burp Suite with advanced filtering and export options. |
| burp-awesome-tls | <1k | Low | A Burp extension to evade TLS fingerprinting, bypass WAFs, and spoof browser TLS profiles. |
| TProxer | <1k | Low | Automates discovery of reverse-proxy-based SSRF paths within Burp Suite. |