Bxss: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (-90.92%)
Learn365: This repo is about @harshbothra_'s 365 days of learning Tweet & Mindmap collection
Stars: ✭ 525 (-85.59%)
Security Tools: Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-86.03%)
Crithit: Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-95.01%)
dora: Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found
Stars: ✭ 229 (-93.72%)
Subcert: Subcert is a subdomain enumeration tool that finds all the subdomains from certificate transparency logs.
Stars: ✭ 58 (-98.41%)
ctf-writeups: Writeups of CTF challenges
Stars: ✭ 19 (-99.48%)
JWTweak: Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Stars: ✭ 85 (-97.67%)
championscurriculum: A training curriculum for teaching information security "champions" within small organisations and helping them conduct a basic assessment. (Work in progress)
Stars: ✭ 18 (-99.51%)
Phishapi: Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Stars: ✭ 272 (-92.54%)
InfosecHouse: Infosec resource center for offensive and defensive security operations.
Stars: ✭ 61 (-98.33%)
Eagle: Multithreaded plugin-based vulnerability scanner for mass detection of web-based application vulnerabilities
Stars: ✭ 85 (-97.67%)
reFlutter: Flutter Reverse Engineering Framework
Stars: ✭ 698 (-80.85%)
anewer: anewer appends lines from stdin to a file if they don't already exist in the file. This is a Rust version of https://github.com/tomnomnom/anew
Stars: ✭ 46 (-98.74%)
Subzy: Subdomain takeover vulnerability checker
Stars: ✭ 287 (-92.12%)
Recon My Way: This repository was created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-92.56%)
PandorasBox: Security tool to quickly audit Public Box files and folders.
Stars: ✭ 56 (-98.46%)
frida setup: One-click installer for Frida and Burp certs for SSL Pinning bypass
Stars: ✭ 47 (-98.71%)
remote-code-execution-sample: Demonstrates how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.
Stars: ✭ 18 (-99.51%)
fresh.py: An efficient multi-threaded DNS resolver validator
Stars: ✭ 80 (-97.8%)
Threat-Intel-Slack-Bot: Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack
Stars: ✭ 26 (-99.29%)
BugHunter: No description or website provided.
Stars: ✭ 23 (-99.37%)
swiss-bugbounty-programs: List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
Stars: ✭ 25 (-99.31%)
nuubi: Nuubi Tools (Information-gathering|Scanner|Recon.)
Stars: ✭ 76 (-97.91%)
HolyTips: A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (-66.79%)
Traitor: ⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Stars: ✭ 3,473 (-4.69%)
Application Security Engineer Interview Questions: Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (-92.67%)
hibpwned: Python API wrapper for haveibeenpwned.com (API v3)
Stars: ✭ 21 (-99.42%)
moonwalk: Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚
Stars: ✭ 544 (-85.07%)
SSRF payload: This script generates various malformed URLs to use as probing payloads, in an attempt to bypass server-side SSRF restrictions.
Stars: ✭ 28 (-99.23%)
ldapconsole: The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
Stars: ✭ 25 (-99.31%)
cf-check: CloudFlare Checker written in Go
Stars: ✭ 147 (-95.97%)
VindicateTool: LLMNR/NBNS/mDNS Spoofing Detection Toolkit
Stars: ✭ 40 (-98.9%)
quick-recon.py: Do some quick reconnaissance on a domain-based web-application
Stars: ✭ 13 (-99.64%)
Osmedeus: Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (-6.94%)
ksubdomain: Subdomain enumeration tool, asynchronous DNS packets, use pcap to scan 1600,000 subdomains in 1 second
Stars: ✭ 320 (-91.22%)
ORtester: Open Redirect scanner - (out of date)
Stars: ✭ 24 (-99.34%)
hack-pet: 🐰 Managing command snippets for hackers/bug bounty hunters, with pet.
Stars: ✭ 77 (-97.89%)
gitls: 🖇 Enumerate git repository URLs from a list of URL / User / Org. Pipeline-friendly
Stars: ✭ 39 (-98.93%)
SecurityExplained: SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.
Stars: ✭ 301 (-91.74%)
hinject: Host Header Injection Checker
Stars: ✭ 64 (-98.24%)
jsleak: Go code to detect leaks in JS files via regex patterns
Stars: ✭ 111 (-96.95%)
VulWebaju: VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
Stars: ✭ 53 (-98.55%)
daily-commonspeak2: commonspeak2 subdomains wordlist generated daily. **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists
Stars: ✭ 38 (-98.96%)
Lazyrecon: An automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (-92.26%)
My Talks: List of my talks and workshops: security engineering, applied cryptography, secure software development
Stars: ✭ 261 (-92.84%)