Stars
Prototype Pollution and useful Script Gadgets
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
Simple websites vulnerable to Server Side Template Injections(SSTI)
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
A list of cloud ranges from different providers.
Compilation of ready to run exploits, advisories, tools and online key generators for embedded devices.
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
List of DNS violations by implementations, software and/or systems
Signature-free approach library to detect injection and commanding attacks
Go package for Ja3 TLS client and server hello fingerprints
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
Interesting APT Report Collection And Some Special IOCs
This script is intended to automate your reconnaissance process in an organized fashion
HostHunter a recon tool for discovering hostnames using OSINT techniques.
A security tool to fingerprint PNG libraries used by web applications