vinnyvinoth's repositories
zip-slip-vulnerability
Zip Slip Vulnerability (Arbitrary file write through archive extraction)
CVE-2023-34039
VMware Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)
rayder
A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows
DorXNG
Next Generation DorX. Built by Dorks, for Dorks. 🤓
YoutubePlaylistDownloader
A tool to download whole playlists, channels or single videos from YouTube and also optionally convert them to almost any format you would like
graphql-wordlist
The only graphql wordlists you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
shortscan
An IIS short filename enumeration tool
bbscope
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
ysoserial.net
Deserialization payload generator for a variety of .NET formatters
private_templates
Private Nuclei Templates
aem-links
Adobe Experience Manager links, cheat sheets and solutions to common problems.
CVE-2023-33733
CVE-2023-33733 reportlab RCE
AllAboutBugBounty
All about bug bounty (bypasses, payloads, etc.)
Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
CVE-2023-2825
GitLab CVE-2023-2825 PoC. This PoC leverages a path traversal vulnerability to retrieve the /etc/passwd file from a system running GitLab 16.0.0.
CVE-2023-2732
MStore API <= 3.9.2 - Authentication Bypass
CVE-2023-25690-POC
CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.
poc-graphql
Research on GraphQL from an AppSec point of view.
super-secret-finder
Burp Plugin for Secret Matching
Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
CVE-2023-32243
CVE-2023-32243
aem-groovy-console
The AEM Groovy Console provides an interface for running Groovy scripts in the AEM container. Scripts can be created to manipulate content in the JCR, call OSGi services, or execute arbitrary code using the CQ, Sling, or JCR APIs.
Nuclei-bug-hunter
I will upload more templates here to share with the community.
SecBugs
Full disclosures for CVE ids, proofs of concept, exploits, 0day bugs and so on.
recollapse
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
BurpJSLinkFinder
Burp Extension for passive scanning of JS files for endpoint links.
SSLEnum
Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)
Diccionarios
Fuzzing in Spanish