Samidu Nimsara's starred repositories
param-miner-doc
Unofficial documentation for the great tool Param Miner
Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
github-endpoints
Find endpoints on GitHub.
pentest-tools
A collection of custom security tools for quick needs.
http-garden
Differential testing and fuzzing of HTTP servers and proxies
sharepoint-redirect
Microsoft Sharepoint Open Redirct
shuffledns
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
Bash-Oneliner
A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
FileMonitor
文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)
SiftScan
SiftScan 是一个集成资产识别、资产梳理、资产收集、弱点检测、漏洞检测等的工具。它致力于提高红蓝对抗/脆弱性赏金的效率。is a tool that integrates asset identification, asset sorting, asset collection, vulnerability detection, vulnerability detection, etc. It is committed to improving the efficiency of the red-blue confrontation/vulnerability bounty.
Blockchain-dark-forest-selfguard-handbook
Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.
Awesome-Redteam
一个攻防知识仓库 Red Teaming and Offensive Security
Awesome-POC
一个漏洞POC知识库 目前数量 1000+
Watering-Hole-Attack
申明:仅供教学演示,禁用非法、未授权等进行钓鱼,后果自负。
VcenterKiller
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
kiterunner
Contextual Content Discovery Tool
CVE-2024-40348
POC for CVE-2024-40348. Will attempt to read /etc/passwd from target