massito's repositories
open-redirector
A small and efficient tool to find open redirect vulnerabilities.
airixss
Finding XSS during recon
AwesomeXSS
Awesome XSS stuff
Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
CVE-T4PDF
CVEs and techniques that use PDF as an attack vector.
dummy-cloudapp
Files for cloudapp.net Azure subdomain takeover PoC
formcrawler
This script crawls the website and finds the URLs that contain HTML forms.
getJS
A tool to quickly get all JavaScript sources/files
Guide-to-SSRF
Guide to SSRF
log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
phpvuln
🕸️ Audit tool to find common vulnerabilities in PHP source code
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
scodescanner
SCodeScanner stands for Source Code Scanner, where the user can scan the source code to find critical vulnerabilities.
SecretFinder
SecretFinder - A Python script to find sensitive data (apikeys, accesstoken, jwt, ..) and search for anything in JavaScript files
shortscan
An IIS short filename enumeration tool
source-founder
Check if the source code was compressed and uploaded to the server by mistake
vulnerability-research
This repository contains information on the CVEs I found.
WAF-bypass-xss-payloads
XSS payloads for bypassing WAF. This repository is updated continuously.
webapp-wordlists
This repository contains wordlists for each version of common web applications and content management systems (CMS). Each version contains a wordlist of all the files and directories for this version.