thatpham's repositories
31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Advanced-SQL-Injection-Cheatsheet
A cheat sheet that contains advanced queries for SQL Injection of all types.
AllVideoPocsFromHackerOne
This script grabs public reports from HackerOne and creates folders with PoC videos
Android-Security-Teryaagh
Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
Bug-Bounty-Tools
The tools I have programmed to help me with bug bounties
Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
BugBountyStuff
Stuff for bug bounty
byp4xx
Python script for HTTP 40X responses bypassing. Features: Verb tampering, headers, #bugbountytips tricks and 2454 User-Agents.
bypass_disablefunc_via_LD_PRELOAD
Bypass disable_functions via LD_PRELOAD (no need for /usr/sbin/sendmail)
cve
Gather and update all available and newest CVEs with their PoC.
CVE-2021-3129_exploit
Exploit for CVE-2021-3129
exphub
Exphub [vulnerability exploit script library], including exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss, and Drupal; most recently added: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
Golden-Guide-for-Pentesting
Golden Guide
google-dorks-bug-bounty
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
HowToHunt
Tutorials and Things to Do while Hunting Vulnerabilities.
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Mind-Maps
Mind-Maps of Several Things
Pentest-Cheat-Sheets
A collection of code snippets and commands to make your life easier!
portswigger-websecurity-academy
Writeups for PortSwigger WebSecurity Academy
PowerShdll
Run PowerShell with rundll32. Bypass software restrictions.
reFlutter
Flutter Reverse Engineering Framework
SSRFire
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
SSRFmap
Automatic SSRF fuzzer and exploitation tool
UForAll
UForAll is a fast URL crawler. This tool crawls URLs from a number of different sources: alienvault, WayBackMachine, urlscan, commoncrawl
Villain
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
weird_proxies
Reverse proxies cheatsheet