OWASP CRS (Official Repository)

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Web path scanner

Legend Agar.io Mod

XS-Leaks Wiki

Some setup scripts for security research tools.

List of XSS Vectors/Payloads

HTTPLeaks - All possible ways, a website can leak HTTP requests

CTF write-ups

Implementation of attacks on cryptosystems

Content-Type Research

A generator of weird files (binary polyglots, near polyglots, polymocks...)

ctf exploit codes or writeups

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

A collection of browser-based side channel attack vectors.

Prototype Pollution and useful Script Gadgets

Reverse proxies cheatsheet

The cheat sheet about Java Deserialization vulnerabilities

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Collection of my capture-the-flag web challenge in any levels

Searcher for cross-site leaks (XS-Leaks)

Client Side Prototype Pollution Scanner

Challenge repository for the watevrCTF 2019 CTF competition

CTF writeups

Same Origin XSS challenge

Writeups for some CTF challenges. I keep the copy of task files in case you would like to try them yourself.

justCTF 2019 challenges sources