Manjula W.'s repositories
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Cheatsheet-God
Penetration Testing / OSCP Biggest Reference Bank / Cheatsheet
python-scripts
A repository to store various Python scripts I have created for different purposes.
CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
CVElk
Autoconfigured ELK Stack That Contains All EPSS and NVD CVE Data
digitalocean-python
⛵ App Platform sample Python application.
ecs-refarch-cloudformation
A reference architecture for deploying containerized microservices with Amazon ECS and AWS CloudFormation (YAML)
exploitdb-papers
exploit-database-papers
java_security_animated
Java Security Animated is a Swing application demonstrating the core Java security concepts along with the security model implemented in notorious Java frameworks such as Spring Framework, JavaEE and OSGi. Idea derived from Java Concurrency Animated by Victor Grazi (permission for naming and implementation granted by him): https://github.com/vgrazi/java-concurrent-animated
LinkFinder
A Python script that finds endpoints in JavaScript files
log4shell-vulnerable-app
Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.
nosql-injection-vulnapp
NIVA is a simple web application which is intentionally vulnerable to NoSQL injection. The purpose of this project is to facilitate a better understanding of the NoSQL injection vulnerability among a wide audience of software engineers, security engineers, pentesters, and trainers.
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Pixi
The Pixi module is a MEAN Stack web app with wildly insecure APIs!
PrioritizedRiskRemediation
A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
python-pentesting
python-pentesting-tool
RobotsDisallowed
A harvest of the Disallowed directories from the robots.txt files of the world's top websites.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
security
Stuff about IT security that might be good to know
SerializationDumper
A tool to dump Java serialization streams in a more human readable form.
Serverless-Goat
OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws
threat-model-cookbook
This project is about creating and publishing threat model examples.
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.