asnblock's repositories
30-Days-Of-JavaScript
30 days of JavaScript programming challenge is a step-by-step guide to learn JavaScript programming language in 30 days. This challenge may take more than 100 days, please just follow your own pace.
akto
Instant, Open source API security → API discovery, automated business logic testing and runtime detection.
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
APIKit
APIKit: Discovery, Scan and Audit APIs Toolkit All In One.
Artemis
A modular web reconnaissance tool and vulnerability scanner.
awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
aws-customer-security-incidents
A repository of breaches of AWS customers
BugBountyBooks
A collection of PDF/books about the modern web application security and bug bounty.
cookiecrumbles
Cookie Crumbles: Breaking and Fixing Web Session Integrity
cupp
Common User Passwords Profiler (CUPP), a password generator
cybersecurity-career-path
Cybersecurity Career Path
DAST
"Understanding DAST in Depth: Dynamic Application Security Testing."
dirmap
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
FingerprintHub
Fingerprint library for 侦查守卫 (ObserverWard)
gophish
Open-Source Phishing Toolkit
h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
HAC_Bored_Writing
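Batch-scanning PoCs and exploits for various vulnerabilities, covering unauthorized access, RCE, file upload, SQL injection, information disclosure, and more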
hfuzz
Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei templates, web-scanners, seclist, bo0m, and more.
iOS-Internals-and-Security-Testing
iOS is Apple's proprietary operating system that runs on the iPhone, iPod Touch and iPad. A lot of components are specific to iOS. Here are key features of the iOS hardware and software security architecture and guide how to test your applications.
IPAPatch
Patch iOS Apps, The Easy Way, Without Jailbreak.
OneForAll
OneForAll is a powerful subdomain collection tool
Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
PetitPotato
Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547)
restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
scalpel
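scalpel is a command-line vulnerability scanning tool that supports deep parameter injection. It has a powerful data parsing and mutation algorithm that parses common data formats (json, xml, form, etc.) into a tree structure, then mutates the tree according to the rules in the PoC, including mutation of both the leaf nodes and the tree structure. After mutation, the tree structure is restored to the original data format. How it works: https://mp.weixin.qq.com/s/U_llBwC05vb84U9wb8NZog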
security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
tag-security
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
tests-library
Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose