Stars
Semantic analysis engine for detecting vulnerability fixes in Windows kernel driver patches — 58 YAML rules, Ghidra decompilation, reachability tracing, and scoring
This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests and bug bounty.
A tool for exploring each layer in a docker image
Extract JavaScript source trees from Sourcemap files
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
A python script to merge multiple jar files for easier debugging via JD-Eclipse
collect for learning cases
SSRF (Server Side Request Forgery) testing resources
⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Trying to make automated recon for bug bounties
API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
A list of private and public (more or less) blackhat boards
A Bring Your Own Land Toolkit that Doubles as a WMI Provider
A tool for checking the security hardening options of the Linux kernel
Here you can find write ups for iOS Vulnerabilities that have been released.
Active Directory Assessment and Privilege Escalation Script
Arbitrary code execution with kernel privileges using CVE-2018-8897.
Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services