Here are a few projects GainSec has developed or is currently developing:
Golden Nuggets
A Burp plugin providing a one-click solution for instantly creating URI, URI Param and Single Word wordlists from any selected domains in Burp Suite.
Link HERE
Tree House Wordlists
A wordlist project meant to add on to the popular FuzzDB, SecLists, Blasting Dictionary, PayloadsAllTheThings and more!
Link HERE
Hackers LunchBox
A collection of Finding/Vulnerability/Attack Path/Exploit Mind Maps meant to assist in more findings, better vulnerability chains and a clearer path of how and where to test, look and leverage what you’re encountering during an engagement.
Link HERE
Proof of Concept (PoC) for CVE-2017-16744 and CVE-2017-16748
A PoC script to check whether a given Tridium Niagara installation is vulnerable to either vulnerability.
Link HERE
Weaponized Mousejack and Keysniff Vulnerabilities
A Python script for the Crazy Radio USB Dongle that weaponizes the Mousejack and Keysniff vulnerabilities and creates a DB from the information gathered while running.
Link HERE
Dorker
A Python CLI to assist in your search engine dorking! Just input what you’re looking for and let it format the dorks for you!
Link HERE
Contributions to SecLists
Although I’m not one of the maintainers of SecLists, I did contribute five wordlists (so far!) to SecLists.
Link HERE
Contributed to LeakLooker-X
I’m not the creator of LeakLooker-X, but I did contribute a few minor fixes!
Link HERE
CVEs Discovered
Although they’re included in the press page found HERE, I figured I would include the list here as well. Here is the list of CVEs I’ve discovered!
- CVE-2017-16744 – Blog Post
- CVE-2017-16748 – Blog Post
- CVE-2022-34613 – Blog Post
- CVE-2022-34618 – Blog Post
- CVE-2022-34619 – Blog Post
- CVE-2022-34625 – Blog Post
- CVE-2022-34009 – Blog Post
- CVE-2022-35142 – Blog Post
- CVE-2022-35143 – Blog Post
- CVE-2022-35144 – Blog Post
- CVE-2022-34108 – Blog Post
- CVE-2022-34615 – Blog Post
- CVE-2022-34621 – Blog Post
- CVE-2022-34623 – Blog Post
- CVE-2022-34624 – Blog Post
- CVE-2022-34109 – Blog Post
- CVE-2022-34110 – Blog Post
- CVE-2022-37857 – Blog Post
- CVE-2022-37164 – Blog Post
- CVE-2022-37163 – Blog Post
More Coming Very Soon!