Ricardo Iramar dos Santos's repositories
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
h2csmuggler-proxy
This script just implements a proxy over h2cSmuggler so you can navigate in your browser while making requests to the back-end server.
pubkey-pin-android
Just another example for Android Public Key Pinning (based on OWASP example)
bc2telegram
Simple script to report Burp Collaborator interactions to Telegram bot chat
huebrchallenge01
This is my first web challenge called "HueBR Challenge 01".
h2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
dnsobserver
A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack.
IE11xCORSxSOP
IE11 is not following CORS specification for local files
feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
Findsploit
Find exploits in local and online databases instantly
notify
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
poc_salesforce_lightning
Academic purposes only. Attack against Salesforce lightning with guest privilege.
pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
www-project-mobile-security-testing-guide
OWASP Foundation Web Repository
www-project-secure-headers
OWASP Foundation Web Repository