Voorivex's starred repositories
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
AwesomeXSS
Awesome XSS stuff
learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
awesome-oneliner-bugbounty
A collection of awesome one-liner scripts especially for bug bounty tips.
CloudFlair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
frida-snippets
Hand-crafted Frida examples
31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
tor-router
A tool that allows you to make TOR your default gateway and send all internet connections under TOR (as transparent proxy) to increase privacy/anonymity without extra unnecessary code.
bruteforce-http-auth
Bruteforce HTTP Authentication
dfunc-bypasser
This tool is for letting you know how strong your disable_functions is and how you can bypass that.
reconmaster
ReconMaster contest - scripts used and a write-up
AttackingAndDefendingTheGCPMetadataAPI
This repo gives an overview of some GCP metadata API attack and defend patterns