850 Open source projects that are alternatives of or similar to Howtohunt

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Full Nuclei automation script with logic explanation.

Awesome Writeups and POCs

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

CloudFlare Checker written in Go

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Good resources about web security that I have read.

DNS hijacking via dead records automation tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Misc. Public Reports of Penetration Testing and Security Audits.

XSS in pastebin.com and reddit.com via unsanitized markdown output

Tips and Tutorials for Bug Bounty and also Penetration Tests.

🎯 Command Injection Payload List

Penetration tests guide based on OWASP including test cases, resources and examples.

Java漏洞学习笔记 Deserialization Vulnerability

Introductions to key concepts in quantum machine learning, as well as tutorials and implementations from cutting-edge QML research.

An organized list of guides and tutorials for design, development, and system administration.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Lists of JavaScript resources: tools, tutorials, starter projects, example code, etc.

Vulnerability (CVE) scanner for Nix/NixOS.

Tool for catching and logging different types of requests.

🐍 ℹ️ Create and manage data in your Flask app via a SQL database.

Poor (rich?) man's bug bounty pipeline

🎓 Daily WebGL tutorials

A collection of JavaScript engine CVEs with PoCs

Jina examples and demos to help you get started

Technical blog repo of metaflow

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Advanced vulnerability scanning with Nmap NSE

📖 Community driven web development tutorials

🔺 Red Team Hardware Toolkit 🔺

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Universal Javascript sample application with React Router 4 and Express 5 (Enhanced version of https://github.com/lmammino/judo-heroes)

Wiki related to the Pharo programming language and environment.

Default signature for Jaeles Scanner

Collection of tutorials, wikis, and templates to get you started with creating BIDS compliant datasets

CVE-2017-9506 - SSRF

Linux Kernel exploitation Tutorial.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

web scanner - exploitation - information gathering

Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.

Original Automated CVE Checking Tool

Source code for Hacker101.com - a free online web and mobile security class.

A comprehensive list of pytorch related content on github,such as different models,implementations,helper libraries,tutorials etc.

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

This is the companion repository of the ANTLR Mega Tutorial, that will explain everything you need to know to use ANTLR.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A day to day plan for this challenge. Covers both theoritical and practical aspects

Repositório com conteúdo sobre web hacking em português

List of Magento extensions with known security issues.

【🔥持续更新中】Node.js 实战学习路线

Awesome Vulnerable Applications