Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-83.78%)
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-5.41%)
Megplus
Automated reconnaissance wrapper - TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (+81.08%)
financial
PoC of a financial-domain application.
Stars: ✭ 62 (-58.11%)
Astra
Astra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (+26.35%)
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-43.24%)
targets
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (-42.57%)
Assessment Mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (+310.81%)
Gopoc
A reimplementation of Chaitin xray's PoC detection functionality, built with cel-go
Stars: ✭ 124 (-16.22%)
Domained
Multi Tool Subdomain Enumeration
Stars: ✭ 688 (+364.86%)
iota-mqtt-poc
IOTA Proof of Concept, store MQTT messages on the tangle.
Stars: ✭ 40 (-72.97%)
SuperLibrary
Information Security Library
Stars: ✭ 60 (-59.46%)
goverview
goverview - Get an overview of the list of URLs
Stars: ✭ 93 (-37.16%)
flaskbomb
GZip HTTP Bombing in Python for everyone
Stars: ✭ 30 (-79.73%)
osmedeus-workflow
Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-82.43%)
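1earn
A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various practice targets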
Stars: ✭ 3,715 (+2410.14%)
Bxss
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+123.65%)
Bugbountyguide
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Stars: ✭ 338 (+128.38%)
Poc
Proofs-of-concept
Stars: ✭ 467 (+215.54%)
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-58.11%)
Rfd Checker
RFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-62.16%)
S3scanner
Scan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (+791.22%)
magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+222.97%)
rejig
Turn your VPS into an attack box
Stars: ✭ 33 (-77.7%)
urldedupe
Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (+40.54%)
flydns
Related subdomains finder
Stars: ✭ 29 (-80.41%)
dora
Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found
Stars: ✭ 229 (+54.73%)
poc-github-actions
Various proofs of concept examples using Github Actions 🤖
Stars: ✭ 103 (-30.41%)
Umbraco-RCE
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Stars: ✭ 61 (-58.78%)
gwdomains
sub domain wild card filtering tool
Stars: ✭ 38 (-74.32%)
T1tl3
A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title
Stars: ✭ 14 (-90.54%)
Subcert
Subcert is a subdomain enumeration tool that finds all the subdomains from certificate transparency logs.
Stars: ✭ 58 (-60.81%)
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-70.95%)
Gf Secrets
Secret and/or credential patterns used for gf.
Stars: ✭ 96 (-35.14%)
Cloudbrute
Awesome cloud enumerator
Stars: ✭ 268 (+81.08%)
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-4.05%)
Hetty
Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+2329.73%)
Bugbounty Cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+2362.16%)
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (+186.49%)
Learn365
This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection
Stars: ✭ 525 (+254.73%)
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+243.92%)
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+4795.95%)
Go Dork
The fastest dork scanner written in Go.
Stars: ✭ 274 (+85.14%)
Jaeles
The Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+625%)
Subjack
Subdomain Takeover tool written in Go
Stars: ✭ 1,194 (+706.76%)
Bug Bounty Responses
A collection of response templates for invalid bug bounty reports.
Stars: ✭ 46 (-68.92%)
fuzzmost
all manner of wordlists
Stars: ✭ 23 (-84.46%)
h1-search
Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-60.81%)
H2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (+97.3%)
Legal Bug Bounty
#legalbugbounty project - creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Stars: ✭ 42 (-71.62%)
Defaultcreds Cheat Sheet
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
Stars: ✭ 1,949 (+1216.89%)