thatpham's repositories
31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Advanced-SQL-Injection-Cheatsheet
A cheat sheet that contains advanced queries for SQL Injection of all types.
AllVideoPocsFromHackerOne
This script grabs public reports from HackerOne and creates folders with PoC videos.
Android-Security-Teryaagh
Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
Bug-Bounty-Tools
The tools I have programmed to help me with bug bounties
Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
BugBountyStuff
Stuff for bug bounty
byp4xx
Python script for HTTP 40X responses bypassing. Features: Verb tampering, headers, #bugbountytips tricks and 2454 User-Agents.
bypass_disablefunc_via_LD_PRELOAD
Bypass disable_functions via LD_PRELOAD (no need for /usr/sbin/sendmail)
cve
Gather and update all available and newest CVEs with their PoC.
CVE-2021-3129_exploit
Exploit for CVE-2021-3129
exphub
Exphub [vulnerability exploit script library], including exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal. Latest additions: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
Golden-Guide-for-Pentesting
Golden Guide
google-dorks-bug-bounty
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
HowToHunt
Tutorials and Things to Do while Hunting Vulnerabilities.
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Mind-Maps
Mind-Maps of Several Things
Pentest-Cheat-Sheets
A collection of code snippets and commands to make your life easier!
portswigger-websecurity-academy
Writeups for PortSwigger WebSecurity Academy
PowerShdll
Run PowerShell with rundll32. Bypass software restrictions.
pwn_jenkins
Notes about attacking Jenkins servers
reFlutter
Flutter Reverse Engineering Framework
SSRFire
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
SSRFmap
Automatic SSRF fuzzer and exploitation tool
UForAll
UForAll is a fast URL crawler. This tool crawls URLs from a number of different sources: alienvault, WayBackMachine, urlscan, commoncrawl
Villain
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
weird_proxies
Reverse proxies cheatsheet