0x13337's repositories
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
api-development-tools
A collection of useful resources for building RESTful HTTP+JSON APIs.
awesome-devsecops
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Burp-Non-HTTP-Extension
Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
cloud-ranges
A list of cloud ranges from different providers.
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
covid-vaccine-booking
This very basic script can be used to automate COVID-19 vaccination slot booking on India's Co-WIN Platform.
CVE-2020-5902
Proof of concept for CVE-2020-5902
django-cheat-sheet
A cheat sheet for creating web apps with the Django framework.
exploit-workshop
A step by step workshop to exploit various vulnerabilities in Node.js and Java applications
GFPGAN
GFPGAN aims at developing Practical Algorithms for Real-world Face Restoration.
grafana-ssrf
Authenticated SSRF in Grafana
hacker-container
Container with all the list of useful tools/commands while hacking Kubernetes Clusters
http-desync-guardian
Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
naabu
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
nodebestpractices
The Node.js best practices list (November 2020)
parse-server
API server module for Node/Express
rsa_sign2n
Deriving RSA public keys from message-signature pairs
ScoutSuite
Multi-Cloud Security Auditing Tool
SecureCodingDojo
The Secure Coding Dojo is a platform for delivering secure coding training.
slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website
subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
ThreatPlaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
toolbox-pentest-web
Docker toolbox for pentest of web based application.
udemy-downloader-gui
A desktop application for downloading Udemy Courses
what-happens-when
An attempt to answer the age-old interview question "What happens when you type google.com into your browser and press enter?"