mwebsec's repositories
crAPI
completely ridiculous API (crAPI)
APT_CyberCriminal_Campagin_Collections
APT & CyberCriminal Campaign Collection
hackerone-reports
Top disclosed reports from HackerOne
GOAD
game of active directory
Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
APT_REPORT
Interesting APT Report Collection And Some Special IOC
Vulnerable-OAuth-2.0-Applications
vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
Vulhub-Reproduce
A Vulhub vulnerability reproduction knowledge base
Ghostwriter
The SpecterOps project management and reporting engine
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
ars0n-framework-dockerized
A Modern Bug Bounty Hunting Framework Packaged in Docker
OWASPWebGoatPHP
A deliberately vulnerable web application for learning web application security.
Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
BetaFast
Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series
NucleiFuzzer
NucleiFuzzer is a powerful automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in web applications
fuzzing-templates
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
wifiphisher
The Rogue Access Point Framework
WebGoat.NET
OWASP WebGoat.NET
Bug-Bounty-Methodology
These are my checklists which I use during my hunting.
Veil
Veil 3.1.X (Check version info in Veil at runtime)
ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
OSCE3-Complete-Guide
OSWE, OSEP, OSED, OSEE
cs5331-ssti
CS5331 Server-Side Template Injection Project
xxe-injection-payload-list
🎯 XML External Entity (XXE) Injection Payload List
XXE-study
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.
websitesVulnerableToSSTI
Simple websites vulnerable to Server-Side Template Injection (SSTI)