Top Related Projects
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Directory/File, DNS and VHost busting tool written in Go
Fast web fuzzer written in Go
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
In-depth attack surface mapping and asset discovery
Quick Overview
The tomnomnom/hacks repository is a collection of small, useful hacking and security-related tools and scripts created by Tom Hudson (tomnomnom). It contains various utilities for tasks such as subdomain enumeration, content discovery, and data manipulation, primarily written in Go.
Pros
- Wide variety of tools for different security testing and reconnaissance tasks
- Lightweight and easy-to-use command-line utilities
- Regularly updated with new tools and improvements
- Well-documented with clear usage instructions for each tool
Cons
- Some tools may require additional setup or dependencies
- Not all tools are equally maintained or updated
- Limited GUI options, primarily command-line focused
- May require some technical knowledge to use effectively
Getting Started
To get started with the tools in the tomnomnom/hacks repository:
-
Clone the repository:
git clone https://github.com/tomnomnom/hacks.git
-
Navigate to the desired tool's directory:
cd hacks/[tool-name]
-
Build the Go tool (if necessary):
go build
-
Run the tool with appropriate arguments:
./[tool-name] [arguments]
For specific usage instructions, refer to the README file in each tool's directory or the main repository README.
Competitor Comparisons
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Pros of Nuclei
- More structured and organized project with extensive documentation
- Supports a wide range of protocols and vulnerability types
- Active development with frequent updates and community contributions
Cons of Nuclei
- Steeper learning curve due to its comprehensive nature
- Requires more system resources for large-scale scans
- May produce more false positives compared to simpler tools
Code Comparison
Nuclei (YAML-based template):
id: example-template
info:
name: Example Template
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/example"
Hacks (Bash script):
#!/bin/bash
url=$1
curl -s "$url/example" | grep "sensitive data"
Summary
Nuclei is a more comprehensive and structured vulnerability scanner, while Hacks is a collection of simple, focused scripts. Nuclei offers broader coverage and extensibility but requires more setup and resources. Hacks provides quick, lightweight tools for specific tasks but lacks the organization and extensive features of Nuclei. The choice between them depends on the user's needs, expertise, and the complexity of the security assessment task at hand.
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Pros of hakrawler
- Focused on web crawling and content discovery
- Provides a single, dedicated tool for crawling websites
- Offers easy-to-use command-line options for customization
Cons of hakrawler
- Limited in scope compared to the diverse set of tools in hacks
- May require additional tools for comprehensive security testing
- Less flexibility for adapting to various security testing scenarios
Code Comparison
hakrawler:
func crawl(url string, depth int, c *colly.Collector) {
c.Visit(url)
if depth > 1 {
c.OnHTML("a[href]", func(e *colly.HTMLElement) {
crawl(e.Attr("href"), depth-1, c)
})
}
}
hacks (example from ffuf):
func main() {
flag.Parse()
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt)
go func() {
for range c {
// Handle CTRL+C
}
}()
}
While hakrawler focuses on web crawling functionality, hacks provides a collection of diverse security tools, each addressing specific needs. hakrawler offers a streamlined approach to content discovery, while hacks provides a broader toolkit for various security testing scenarios. The code snippets demonstrate the different focuses, with hakrawler implementing crawling logic and hacks (ffuf example) showing a more general-purpose structure for security tools.
Directory/File, DNS and VHost busting tool written in Go
Pros of gobuster
- Focused, single-purpose tool for directory and DNS enumeration
- Well-documented with clear usage instructions
- Actively maintained with regular updates and releases
Cons of gobuster
- Limited to specific enumeration tasks
- Less versatile compared to the diverse set of tools in hacks
- Requires Go runtime environment for execution
Code Comparison
gobuster:
func main() {
globalopts := parseGlobalOptions()
plugin := parsePlugin(globalopts)
plugin.Run()
}
hacks (example from ffuf):
#!/bin/bash
while read url; do
ffuf -u "$url/FUZZ" -w wordlist.txt -mc 200,301,302,403
done < urls.txt
Summary
gobuster is a specialized tool for directory and DNS enumeration, offering a focused approach with good documentation and active maintenance. However, it's limited in scope compared to the diverse collection of tools in hacks.
hacks provides a variety of small utilities and scripts for different security testing tasks, offering more flexibility but potentially less polish on individual tools. The choice between them depends on whether you need a dedicated enumeration tool or a broader toolkit for various security tasks.
Fast web fuzzer written in Go
Pros of ffuf
- Focused, single-purpose tool for web fuzzing
- Highly optimized for performance and speed
- Extensive documentation and active community support
Cons of ffuf
- Limited to web fuzzing tasks
- Steeper learning curve for beginners
- Less versatile compared to a collection of diverse tools
Code Comparison
ffuf:
func main() {
flag.Parse()
if err := ffuf.New().Run(); err != nil {
fmt.Printf("\n[!] Error: %s\n", err)
os.Exit(1)
}
}
hacks:
func main() {
flag.Parse()
urls := make(chan string)
var wg sync.WaitGroup
for i := 0; i < *concurrency; i++ {
wg.Add(1)
go worker(urls, &wg)
}
// ... (additional code)
}
Summary
ffuf is a specialized web fuzzing tool, offering high performance and extensive features for its specific purpose. hacks, on the other hand, is a collection of various security-related tools and scripts, providing more versatility but less depth in any single area.
ffuf excels in web fuzzing tasks, making it ideal for professionals focused on web application security. hacks offers a broader range of utilities, making it suitable for diverse security testing scenarios and experimentation.
The code comparison shows ffuf's streamlined approach to its single purpose, while hacks demonstrates a more flexible, multi-tool structure. Choose based on your specific needs: focused web fuzzing (ffuf) or a diverse toolkit (hacks).
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Pros of gau
- Focused on a single purpose: fetching URLs from various sources
- Faster execution for URL retrieval tasks
- Easier to integrate into automated workflows
Cons of gau
- Limited functionality compared to the diverse tools in hacks
- Less flexibility for customizing output or processing
- Requires additional tools for further analysis of retrieved URLs
Code Comparison
gau:
func getWaybackUrls(domain string, includeSubs bool) ([]string, error) {
var urls []string
wildcardDomain := "*." + domain
if !includeSubs {
wildcardDomain = domain
}
// ... (additional code)
}
hacks (example from httprobe):
func main() {
var concurrency int
flag.IntVar(&concurrency, "c", 20, "set the concurrency level")
flag.Parse()
// ... (additional code)
}
Summary
gau is a specialized tool for URL retrieval, offering speed and ease of use for specific tasks. hacks, on the other hand, provides a diverse set of security-focused tools with greater flexibility and customization options. While gau excels in its niche, hacks offers a broader range of functionality for various security testing and analysis tasks.
In-depth attack surface mapping and asset discovery
Pros of Amass
- More comprehensive and feature-rich for in-depth reconnaissance
- Actively maintained with regular updates and community support
- Offers advanced DNS enumeration and network mapping capabilities
Cons of Amass
- Steeper learning curve due to its extensive feature set
- Requires more system resources for large-scale scans
- May be overkill for simple, quick reconnaissance tasks
Code Comparison
Amass (Go):
enum := enum.NewEnumeration()
enum.Config.AddDomains([]string{"example.com"})
enum.Start()
Hacks (Various languages, mostly shell scripts):
#!/bin/bash
echo "example.com" | subfinder | httpx
Summary
Amass is a powerful, feature-rich tool for comprehensive reconnaissance, while Hacks is a collection of simpler, more focused scripts. Amass offers advanced capabilities but requires more resources and expertise. Hacks provides quick, lightweight solutions for specific tasks but lacks the depth and integration of Amass. Choose based on your project's complexity and requirements.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Hacks
Hacky one-off scripts, tests etc.
Top Related Projects
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Directory/File, DNS and VHost busting tool written in Go
Fast web fuzzer written in Go
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
In-depth attack surface mapping and asset discovery
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot