mubarak arzika's repositories
angularjs-csti-scanner
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
bounty-domains
List of domains in scope for bug bounties (HackerOne, Bugcrowd, etc.)
bounty-monitor
Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains participating in bug bounty programs.
crobat-client
A Go client for crobat
CVE-2019-3396
Confluence 未授权 RCE (CVE-2019-3396) 漏洞
CVE-2019-6340
Drupal8's REST RCE, SA-CORE-2019-003, CVE-2019-6340
CVE-2020-12116
Proof of concept code to exploit CVE-2020-12116: Unauthenticated arbitrary file read on ManageEngine OpManger.
CVE-2020-1947
Apache ShardingSphere UI YAML解析远程代码执行漏洞
CVE-2020-2883
Weblogic coherence.jar RCE
CVE-2020-8193
Citrix ADC Vulns
CVE-2020-9484-Mass-Scan
CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE
CVEs
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
endpoint-monitor
A python script that polls endpoints and posts in slack if the endpoints return certain statuses
Flink_RCE
Apache Flink Web Dashboard 未授权访问,上传恶意jar导致远程代码命令执行
GoPatternMatcher
This tool allows for quickly searching for a specified pattern within HTTP Response bodies. Simply pipe in a list of URLs, specify your pattern and hit enter.
grafana-ssrf
Authenticated SSRF in Grafana
HostHunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
masscan-to-nmap
Use masscan for fast open ports discovery and nmap for the NSEs.
ParameterMiner
Built on a lazy Sunday after seeing this tweet (https://twitter.com/intigriti/status/1272145863868104705?s=20) I present to you, ParameterMiner! Pipe in a list of javascript urls and ParameterMiner pulls all the variable names.
RegHex
A collection of regexes for every possbile use
Rock-ON
Rock-On is a all in one Recon tool that will just get a single entry of the Domain name and do all of the work alone.
slack-go-webhook
Go Library to send messages to Slack via Webhooks
sublert
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
tiscripts
Turbo Intruder Scripts
websocket-connection-smuggler
websocket-connection-smuggler
wordpress-exploits
All known and unknown public POC's for wordpress themes and plugins
xss-cheatsheet-data
This repository contains all the XSS cheatsheet data to allow contributions from the community.