A curated list of awesome privilege escalation

A collection of one-liners for bug bounty hunting.

This Repositories contains list of One Liners with Descriptions and Installation requirements

CVE-2023-25157 - GeoServer SQL Injection - PoC

A Collection of Android Pentest Learning Materials

Notes taken from Android App Hacking - Black Belt Edition (UDEMY - Roman Stuehler)

how to look for Leaked Credentials !

Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-d…

Bug bounty reports generator

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

This repository contains various attack against Large Language Models.

Find exposed data in Azure with this public blob scanner

MyPrivte

Hackerone API Integeration

A list of subdomains for some of the most popular sites on the internet

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Web application penetration testing

Collection of Facebook Bug Bounty Writeups

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.

Dirscan是一款由go编写的高并发的目录扫描器，现在已经支持GET、HEAD、递归扫描、代理等功能功能,后续努力实现更多功能。

Some wordlists collected form github to all bug bounty hunters.

Top disclosed reports from HackerOne

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Penetration Testing notes, resources and scripts

React + Flask + MySQL stack for a car rental management web app

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure