Shubham Gupta's repositories
awesome-android-security
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
Awesome-WAF
🔥 Everything awesome about web-application firewalls (WAF).
aws_exposable_resources
Resource types that can be publicly exposed on AWS
Bugbounty-Resources
A list of resources for those interested in getting started in bug bounties inspired from https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
Ciphey
Automatically decode encryptions without a key, decode encodings, and crack hashes
CloudComparer
Compare the various managed cloud services offered by the major public cloud providers in the market.
Gf-Patterns
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
go-stare
A fast & light web screenshot without headless browser but Chrome DevTools Protocol!
grepTheCurl
One liner regex match to search inside JS files, using curl and grep!
hetty
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
HowToHunt
Some Tutorials and Things to Do while Hunting That Vulnerability.
JSFScan.sh
Automation for javascript recon in bug bounty.
onefuzz
A self-hosted Fuzzing-As-A-Service platform
OneLiners
Simple bash Oneliners to make life easier
pentest
Image with the more used tools to create a pentest environment easily and quickly.
script-collection
Collection of my scripts ranging from bash or python or shell. Readme will contain list of which script does what.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
semgrep-rules
Semgrep rules registry
Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts.
vulnsearch
A deep look at some recon methodologies and web-application vulnerabilities of my interest where I will merge all my notes gathered from books, videos, articles and own experience with bug bounty hunting / web and network hacking
whoxyrm
A reverse whois tool based on Whoxy API.
www-project-vulnerability-management-guide
OWASP Foundation Web Respository