
harsh-bothra / Learn365

This repo is about @harshbothra_'s 365 days of learning Tweet & Mindmap collection


learn365

This repository contains all the information shared during my Learn 365 Challenge. Learn 365 is a challenge to keep the learning spirit going and to challenge myself to learn something daily for the whole year; it can be anything from infosec to general life. Follow me on Twitter for regular updates: Harsh Bothra. Huge thanks to Mehedi Hasan Remon, who originally created and maintained this repository.


S.NO Mind Map
1 2FA Bypass Techniques
2 Scope Based Recon
3 Cookie Based Authentication Vulnerabilities
4 Unauthenticated JIRA CVEs

Day Topic
1 2FA Bypass Techniques
2 Regular Expression Denial Of Service
3 SAML Vulnerabilities
4 Unauthenticated & Exploitable JIRA Vulnerabilities
5 Client-Side Template Injection(CSTI)
6 Cross-Site Leaks (XS-Leaks)
7 Cross-Site Script Includes (XSSI)
8 JSON Padding Attacks
9 JSON Attacks
10 Abusing Hop-by-Hop Headers
11 Cache Poisoned Denial of Service (CPDos)
12 Unicode Normalization
13 WebSocket Vulns (Part-1)
14 WebSocket Vulns (Part-2)
15 WebSocket Vulns (Part-3)
16 Web Cache Deception Attack
17 Session Puzzling Attack
18 Mass Assignment Attack
19 HTTP Parameter Pollution
20 GraphQL Series (Part-1)
21 GraphQL Vulnerabilities (Part-2)
22 GraphQL WrapUp (Part-3)
23 Password Reset Token Issues
24 My previous works
25 Salesforce Security Misconfiguration (Part-1)
26 Salesforce Security Misconfiguration (Part-2)
27 Salesforce Configuration Review (Wrap)
28 Common Business Logic Issues: Part-1
29 Common Business Logic Issues (Part-2)
30 Common Business Logic Issues (Wrap)
31 Captcha Bypass Techniques
32 Pentesting Kibana Service
33 Pentesting Docker Registry
34 HTML Scriptless Attacks / Dangling Markup Attacks (Part - 1)
35 HTML Scriptless Attacks / Dangling Markup Attacks (Wrap)
36 Pentesting Rsync Service
37 CRLF Injection
38 Pentesting FTP Service
39 OpenID Connect Implementation Issues
40 Cookie Based Authentication Vulnerabilities
41 Cobalt Vulnerability Wiki - Resource
42 Race Conditions
43 SMTP Open Relay Attack
44 Pentesting BACNet
45 API Security Tips
46 Pentesting SSH - Talk
47 CORS Misconfiguration
48 Incomplete Trailing Escape Pattern Issue
49 Pivoting & Exploitation in Docker Environments - Talk
50 Detect Complex Code Patterns using Semantic grep - Talk
51 Student Roadmap to Become a Pentester - Talk
52 Hacking How-To Series - Playlist
53 JS Prototype Pollution
54 JSON Deserialization Attacks
55 Android App Dynamic Analysis using House
56 Testing IIS Servers
57 Secure Code Review - Talk
58 JSON Interoperability Vulnerabilities - Research Blog
59 HTTP Desync Attacks - Talk
60 XSLT Injection
61 Bypassing AWS Policies - Talk
62 Source Code Review Guidelines - Resource
63 All of the Threats: Intelligence, Modelling and Hunting - Talk
64 Hidden Property Abuse (HPA) attack in Node.js - Talk
65 HTTP Request Smuggling in 2020 - Talk
66 Dependency Confusion Attack - Blog
67 Format String Vulnerabilities - Webinar
68 Mobile Application Dynamic Analysis - Webinar
69 Insecure Deserialization - Talk
70 Web Cache Entanglement - Talk + Blog
71 OWASP AMASS - Bootcamp
72 Offensive Javascript Techniques for Red Teamers
73 Basic CMD for Pentesters - Cheatsheet
74 Investigating and Defending Office 365 - Talk
75 WinjaCTF 2021 Solutions - Blog
76 Kubernetes Security: Attacking and Defending K8s Clusters - Talk
77 AWS Cloud Security - Resources