secwiththamhv's repositories
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
commix
Automated All-in-One OS Command Injection Exploitation Tool.
XSStrike
Most advanced XSS scanner.
Amass
In-depth Attack Surface Mapping and Asset Discovery
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups that is categorized by the bug nature
www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
sqlmap
Automatic SQL injection and database takeover tool
Findomain
The complete solution for domain recognition. Supports screenshotting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.
subzy
Subdomain takeover vulnerability checker
Veil
Veil 3.1.X (Check version info in Veil at runtime)
xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
sql-injection-payload-list
🎯 SQL Injection Payload List
Sublist3r
Fast subdomains enumeration tool for penetration testers
ParamSpider
Mining parameters from dark corners of Web Archives
bugbountyDorks
This repo contains all the Bug Bounty Dorks sourced from different awesome sources and compiled at one place
burpFakeIP
A Burp Suite plugin for spoofing IP addresses during brute-forcing
exif-samples
Sample images for testing Exif metadata retrieval.
knock
Knock Subdomain Scan
Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference
subjack
Subdomain Takeover tool written in Go
broken-link-checker
Find broken links, missing images, etc within your HTML.
clickjackingpoc
A Proof of Concept for Clickjacking Attacks