attacker-codeninja's repositories
Workflow-Bug-Bounty
My Tools For Bug Bounty
regexHunter
regexHunter - Fast website endpoint sensitive data and leaks, JS files endpoint API key scraper
100-exercises-to-learn-rust
A self-paced course to learn Rust, one exercise at a time.
AHHHZURE
AHHHZURE is an automated deployment script that creates a vulnerable Azure cloud lab for offensive security practitioners and enthusiasts to brush up their cloud sec skills.
AWS-Certified-Cloud-Practitioner-Notes
AWS Certified Cloud Practitioner Short Notes And Practice Exams (CLF-C02)
bambdas2
Bambdas collection for Burp Suite Professional and Community.
bug-bounties
⚔️ A compiled list of companies who have active programs for responsible disclosure
CloudShovel
A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where we scanned 20k+ public AMIs.
csrf-file-upload-poc
This PoC showcases how an attacker can exploit a CSRF vulnerability to upload a file to a victim's account without their knowledge. The attack leverages the victim's session or performs unauthorized actions on their behalf.
CVE-2024-24919-Bulk-Scanner
CVE-2024-24919 [Check Point Security Gateway Information Disclosure]
DevSkim
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
DVAPI
Damn Vulnerable API
graphqlMaker
Finds graphql queries in javascript files
JWack
JWack is a powerful security tool designed for interacting with JSON Web Tokens (JWT).
misconfig-mapper
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
My-Vuln-Labs
A repository containing various vulnerable labs for testing.
OneDorkForAll
An insane list of all dorks taken from everywhere from various different sources.
risky-records
Given a list of domains and known IP and buckets that are owned, which might be susceptible to domain hijacking?
secure-code-game-1
A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
Security_Engineer_Interview_Questions
Every Security Engineer Interview Question From Glassdoor.com
SpideyX
SpideyX is a multipurpose Web Penetration Testing tool with asynchronous concurrent performance and multiple modes and configurations.
ssrv
Quickly create customized web pages/endpoints. Set custom response status, header, body.
Task-Ninja
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
The-Nen-Book
The Nen Book is a list of personal notes and tips collected from a lot of resources in different categories like: WebApp Security, API Security, Cloud Security, Network Pentesting, Code Review, Threat Hunting.
Triplex
Triplex (for Exported Extras Extraction) is a Python script that is designed to search exported intents extras in decompiled APKs for a faster pentest and bug bounty recon.
wanderlust
WanderLust is a simple MERN travel blog website 🚀 This project is aimed to help people contribute to open source, upskill in React and also master Git.
WordPress-Auto-Admin-Account-and-Reverse-Shell-cve-2024-27956
WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target server. It utilizes the wp-automatic plugin's CSV injection vulnerability to execute SQL queries.