Victor Chibuike's starred repositories
kratos
Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
awesome-bug-bounty
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
Penetration-Testing-Tools
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
awesome-android-security
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
weaponised-XSS-payloads
XSS payloads designed to turn alert(1) into P1
AllThingsSSRF
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
hakoriginfinder
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
blind-ssrf-chains
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
My-Presentation-Slides
Collections of Orange Tsai's public presentation slides.