Sid's repositories
awesome-burp-suite
Awesome Burp Suite Resources. 400+ open source Burp plugins, 500+ posts and videos.
awesome-courses
:books: List of awesome university courses for learning Computer Science!
awesome-interview-questions
:octocat: A curated awesome list of lists of interview questions. Feel free to contribute! :mortar_board:
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
AwesomeXSS
Awesome XSS stuff
big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
Bypass-Web-Application-Firewalls
Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary Characters These scripts were created during an assessment, while trying to bypass a Web Application Firewall (WAF) in order to exploit a XSS vulnerability. Differnt webservers and browsers interpret URL and strange characters differently which could lead to the bypassing of security controls. When I tried to send a > or < character the WAF would block the request. The following URL escapes I have noticed are traslated to < > ' by Apache2 based web servers: %(N%(n%)S%)U%)^%)s%)u%*C%*E%*c%*e%,.%.#%1N%1n%2S%2U%2^%2s%2u%3C%3E%3c%3e%5.%7#%:C%:E %:c%:e%HN%Hn%IS%IU%I^%Is%Iu%JC%JE%Jc%Je%L.%N#%XN%Xn%YS%YU%Y^%Ys%Yu%ZC%ZE%Zc%Ze%.%^# %hN%hn%iS%iU%i^%is%iu%jC%jE%jc%je%l.%n#%xN%xn%yS%yU%y^%ys%yu%zC%zE%zc%ze%|
Cheatsheet-God
Penetration Testing / OSCP Biggest Reference Bank / Cheatsheet
Commodity-Injection-Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
ctf-writeups
CTF write-ups from the VulnHub CTF Team
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
github-for-non-programmers
A guide to using GitHub for people who don't code and don't want to code.
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
linux-kernel-exploits
linux-kernel-exploits Linux平台提权漏洞集合
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
PENTESTING-BIBLE
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
PowerShell-for-Pentesters
PowerShell for Pentesters
PowerShellScripts
Collection of PowerShell scripts
sec-tool-list
More than 18K security related open source tools, sorted by star count. Both in markdown and json format.
Web-CTF-Cheatsheet
Web CTF CheatSheet 🐈
what-happens-when
An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"
windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合
ysoserial.net-complied
This repository contains complied exe of ysoserial.net ( ys.exe in directory ysoserial/bin/Debug). This work belongs to @pwntester bhai ji \m/