reddelexc / Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458
Programming Languages
python
Projects that are alternatives of or similar to Hackerone Reports
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+93.67%)
Mutual labels: xss, rce, csrf, bugbounty
Resources
No description or website provided.
Stars: ✭ 38 (-91.7%)
Mutual labels: xss, sql-injection, bugbounty
diwa
A Deliberately Insecure Web Application
Stars: ✭ 32 (-93.01%)
Mutual labels: xss, sql-injection, csrf
vulnerabilities
List of every possible vulnerability in computer security.
Stars: ✭ 14 (-96.94%)
Mutual labels: xss, sql-injection, csrf
Pentesting Bible
Learn ethical hacking. Learn about reconnaissance, windows/linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+1860.92%)
Mutual labels: sql-injection, csrf, bugbounty
Penetration testing poc
POCs, EXPs, scripts, privilege escalation, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+742.36%)
Mutual labels: xss, rce, csrf
Hacker101
Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+2573.8%)
Mutual labels: xss, sql-injection, csrf
solutions-bwapp
In progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (-65.5%)
Mutual labels: xss, sql-injection, csrf
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-81.66%)
Mutual labels: xss, bugbounty
Flag-Capture
Solutions and write-ups from security-based competitions also known as Capture The Flag competition
Stars: ✭ 84 (-81.66%)
Mutual labels: sql-injection, csrf
Protect
Proactively protect your Node.js web services
Stars: ✭ 394 (-13.97%)
Mutual labels: xss, sql-injection
security-wrapper
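An extension built on springSecurity that provides solutions for a range of security scenarios: OAuth2 authorization (with cross-domain and multi-application authorization), JWT, SSO, file upload, seamless integration with permission systems, API abuse prevention (rate limiting), XSS, CSRF, SQL injection, third-party login (bind, unbind), encrypted communication, and more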
Stars: ✭ 21 (-95.41%)
Mutual labels: xss, csrf
Cerberus
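A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asynchronous scanning via asyncio; covers the full range of a target's assets for batch vulnerability scanning; middleware information gathering; automatically collects IP proxies and uses them when probing WAF information to protect the local machine's real IP; after the local IP is blocked by the WAF, automatically switches to a proxy IP to continue scanning; WAF information collection (100+ WAFs, Chinese and international) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; provides bypass approaches for some known WAFs; middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports SQL injection, XSS, command execution, file inclusion and SSRF vulnerability scanning; supports custom vulnerability notifications pushed by email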
Stars: ✭ 389 (-15.07%)
Mutual labels: xss, sql-injection
XSS-Payload-without-Anything
XSS Payload without Anything.
Stars: ✭ 74 (-83.84%)
Mutual labels: xss, bugbounty
Eagle
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-81.44%)
Mutual labels: xss, bugbounty
SecExample
Java vulnerability lab (Vulnerability Environment For Java)
Stars: ✭ 228 (-50.22%)
Mutual labels: rce, csrf
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-41.7%)
Mutual labels: xss, rce
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+542.36%)
Mutual labels: xss, sql-injection
Tops of HackerOne reports. All reports' raw info stored in data.csv.
Scripts to update data.csv are written in Python 3 and require selenium.
Every script contains some info about how it works.
The run order of scripts:
fetcher.py
filler.py
rater.py
Tops 100.
Tops by bug type.
- Top XSS reports
- Top XXE reports
- Top CSRF reports
- Top IDOR reports
- Top RCE reports
- Top SQLi reports
- Top SSRF reports
- Top Race Condition reports
- Top Subdomain Takeover reports
- Top Open Redirect reports
- Top Clickjacking reports
- Top DoS reports
- Top OAuth reports
Tops by program.
- Top Mail.ru reports
- Top HackerOne reports
- Top Shopify reports
- Top Nextcloud reports
- Top Twitter reports
- Top Uber reports
- Top Node.js reports
- Top shopify-scripts reports
- Top Legal Robot reports
- Top U.S. Dept of Defense reports
- Top Gratipay reports
- Top Weblate reports
- Top VK.com reports
- Top New Relic reports
- Top LocalTapiola reports
- Top Zomato reports
- Top Slack reports
- Top ownCloud reports
- Top GitLab reports
- Top Ubiquiti Inc. reports
- Top Automattic reports
- Top Coinbase reports
- Top Verizon Media reports
- Top Starbucks reports
- Top Paragon Initiative Enterprises reports
- Top PHP (IBB) reports
- Top Brave Software reports
- Top Vimeo reports
- Top OLX reports
- Top concrete5 reports
- Top Phabricator reports
- Top Pornhub reports
- Top Localize reports
- Top Qiwi reports
- Top WordPress reports
- Top The Internet reports
- Top Open-Xchange reports
- Top Razer reports
- Top Rockstar Games reports
- Top GitHub Security Lab
- Top h1-ctf