Wader's repositories
AllThingsSSRF
This is a collection of writeups, cheatsheets, videos, and books related to SSRF in a single location
Amass
In-depth Attack Surface Mapping and Asset Discovery
Awesome-Bugbounty-Writeups
A curated list of bug bounty writeups (organized by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference
Bug-Bounty-Roadmaps
Bug Bounty Roadmaps
BugBounty_Profile
Recon_profile
commix
Automated All-in-One OS command injection and exploitation tool.
CORS-one-liner
A one-liner Bash command that finds CORS in every possible endpoint.
gaussrf
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl, and filter URLs with open redirection or SSRF parameters.
gf-secrets
Secret and/or credential patterns used for gf.
gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
github-dorks
Collection of GitHub dorks and a helper tool to automate the process of checking dorks
gitscraper
A tool which scrapes public GitHub repositories for common naming conventions in variables, folders and files
grafana-ssrf
Authenticated SSRF in Grafana
hackerone_wordlist
Wordlists compiled from disclosed reports on the HackerOne bug bounty platform
mdisec-twitch-yayinlari
https://twitch.tv/mdisec
OpenRedireX
A Fuzzer for OpenRedirect issues
pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
payloads
Git All the Payloads! A collection of web attack payloads.
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
pentest-recon
Web application pentesting recon
SecretFinder
SecretFinder - A Python script to find sensitive data (API keys, access tokens, JWTs, ...) and search for anything in JavaScript files
Shodan-Dorks
Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.
sub.sh
Multiprocessing (parallel) subdomain detection script
SwiftnessX
A cross-platform note-taking & target-tracking app for penetration testers.
truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
urlprobe
URL status code & content length checker
xss-payload-list
🎯 Cross Site Scripting (XSS) Vulnerability Payload List
XSS-Payloads
List of advanced XSS payloads
Zin
A payload injector for bug bounties written in Go