d1pakda5

CVE-2021-26295-POC

1earn

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

mySapAdventures

A quick methodology on testing / hacking SAP Applications for n00bz and bug bounty hunters

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

SubWalker

Bash recon script to simultaneously execute various subdomain enumeration tools and parse results.

h8mail

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

AllVideoPocsFromHackerOne

This script grab public report from hacker one and make some folders with poc videos

NtHiM

Now, the Host is Mine! - Super Fast Sub-domain Takeover Detection!

Insecure-Firebase-Exploit

A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.

postgres-baseline

DevSec PostgreSQL Baseline - InSpec Profile

XSSTRON

AllAboutBugBounty

All about bug websites (bypasses, payloads, and etc)

DNSGrep

Quickly Search Large DNS Datasets

how-to-secure-anything

How to systematically secure anything: a repository about security engineering

wordlists-1

Automated & Manual Wordlists provided by Assetnote

attack-coverage

an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques

feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

GitDorker

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

burpdeveltraining

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

XXE-study

This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.

grep-pattern

collection of various grep patterns collected from tomnomnom/gf and other places

HowToHunt

Tutorials and Things to Do while Hunting Vulnerability.

30-Days-Of-JavaScript

30 days of JavaScript programming challenge is a step by step guide to learn JavaScript programming language in 30 days

client-side-prototype-pollution

Prototype Pollution and useful Script Gadgets

chaos-hunt

Bash Script to Hunt all the targets/Subdomains from Chaos by Project Discovery Team

web-methodology

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

continuous-nuclei

Running nuclei Continuously

CloudBrute

Awesome cloud enumerator

bounty-targets-alert

It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.

KingOfBugBountyTips