There are a few projects GainSec have and are currently developing:
Golden Nuggets
A Burp Plugin enabling a one click solution for instantly creating URI, URI Param and Single Word Wordlists from any selected Domains in Burp Suite.
Link HERE
Tree House Wordlists
Wordlist Project meant to add-on to the popular FuzzDB, SecLists, Blasting Dictionary, PayloadAllTheThings and more!
Link HERE
Proof of Concept (PoC) for CVE: 2017-16744 and 2017-16748
A PoC script to check if a certain tridium niagara installation is vulnerable to either vulnerablity
Link HERE
Weaponized Mousejack and Keysniff Vulnerabilities
A python script for the Crazy Radio USB Dongle that weaponized the Mousejack and Keysniff Vulnerabilities as well as creating a DB with the information gathered from running
Link HERE
Dorker
A python CLI to assist in your search engine dorking! Just input what you’re looking for and let it format the dorks for you!
Link HERE
]\
Contributions to SecLists
Although I’m not one of the maintainers of SecLists I did contribute five wordlists (so far!) to SecLists.
Link HERE
Contributed to LeakLooker-X
I’m not the creator of LeakLooker-X but I did contribute a few minor fixes!
Link HERE
CVES Discovered
Although they’re included in the press page found HERE.
I figured I would include list here as well. Here is the list of CVEs I’ve discovered!
- CVE-2017-16744 – Blog Post
- CVE-2017-16748 – Blog Post
- CVE-2022-34613 – Blog Post
- CVE-2022-34618 – Blog Post
- CVE-2022-34619 – Blog Post
- CVE-2022-34625 – Blog Post
- CVE-2022-34009 – Blog Post
- CVE-2022-35142 – Blog Post
- CVE-2022-35143 – Blog Post
- CVE-2022-35144 – Blog Post
- CVE-2022-34108 – Blog Post
- CVE-2022-34615 – Blog Post
- CVE-2022-34621 – Blog Post
- CVE-2022-34623 – Blog Post
- CVE-2022-34624 – Blog Post
- CVE-2022-34109 – Blog Post
- CVE-2022-34110 – Blog Post
- CVE-2022-37857 – Blog Post
- CVE-2022-37164 – Blog Post
- CVE-2022-37163 – Blog Post
- CVE-2022-34624 – Blog Post
More Coming Very Soon!