Aalapsec

Aalapsec's Stars

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python61.3k1.8k014.7k

• six2dez/reconftw

  reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

  Language:Shell5.7k108456927

• djadmin/awesome-bug-bounty

  A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

  4.7k29710918

• Voorivex/pentest-guide

  Penetration tests guide based on OWASP including test cases, resources and examples.

  2.5k1101548

• for-GET/know-your-http-well

  HTTP headers, media-types, methods, relations and status codes, all summarized and linking to their specification.

  Language:Emacs Lisp2.4k7337158

• x90skysn3k/brutespray

  Bruteforcing from various scanner output - Automatically attempts default creds on found services.

  Language:Go2k8048384

• ssl/ezXSS

  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

  Language:PHP1.9k54131331

• danielmiessler/RobotsDisallowed

  A curated list of the most common and most interesting robots.txt disallowed directories.

  Language:Shell1.4k705304

• hakluke/weaponised-XSS-payloads

  XSS payloads designed to turn alert(1) into P1

  Language:JavaScript1.3k473216

• m0nad/awesome-privilege-escalation

  A curated list of awesome privilege escalation

  1.2k421154

• jonluca/Anubis

  Subdomain enumeration and information gathering tool

  Language:Python1.2k2733154

• SpiderLabs/HostHunter

  HostHunter a recon tool for discovering hostnames using OSINT techniques.

  Language:Python1.1k464182

• ajinabraham/CMSScan

  CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

  Language:CSS9613822147

• KathanP19/JSFScan.sh

  Automation for javascript recon in bug bounty.

  Language:Shell9011733165

• zeroc00I/AllVideoPocsFromHackerOne

  This script grab public report from hacker one and make some folders with poc videos

  Language:Shell874422221

• federicodotta/Java-Deserialization-Scanner

  All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

  Language:Java7753429177

• chrislockard/api_wordlist

  A wordlist of API names for web application assessments

  759153216

• christophetd/censys-subdomain-finder

  ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

  Language:Python7401411127

• x1mdev/ReconPi

  ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.

  Language:Shell7172838112

• incredibleindishell/SSRF_Vulnerable_Lab

  This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

  Language:PHP670195175

• capture0x/XSS-LOADER

  Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

  Language:Python569156113

• random-robbie/keywords

  353180187

• firnsy/barnyard2

  Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.

  Language:C34643181190

• GovTech-CSG/Autowasp

  BurpSuite Extension: A one-stop pen testing checklist and logger tool

  Language:Java7441145

• Liodeus/liodeus.github.io

  Language:HTML361110

• Netgate/TNSR_IDS

  IDS using a port mirror, Snort and an alert -> RESTCONF utility

  Language:Go36708

• bensooter/Snort16OnUbuntu

  Snort 2.9.8.x on Ubuntu 16 LTS with Barnyard2, PulledPork, and Snorby

  10457

• MACZAH/hackerone-reports

  Language:Python4100

• AtharavRH/Hack_Pack_V1.0

  3101

• yashp-git/NADIR-Snort

  Abstract—It has become increasingly difficult to monitor computer networks as they have grown in scale and complexity. This lack of awareness makes responding to, or even recognizing, attacks a challenge. As a result, organizations’ reactions to attacks are delayed, typically leaving them to address the situation long after an incident has taken place. The central idea behind this research is to provide earlier notification of potential network attacks by using deceptive network service information as bait. These ”decoy” or ”honey-services” will indicate system weak points which do not exist when suspicious network circumstances are detected. That is, although up-to-date versions of the programs will be running on the system at all times, software versions with vulnerabilities will be advertised when a potential attack or reconnaissance effort is detected. Attacks against these services will be unsuccessful because the server running our system is not actually running the vulnerable services. By providing fake vulnerable points, our system is capable of collecting information about attacks earlier in the reconnaissance phase, potentially catching adversaries in the act without exposing any actual system weaknesses. Our solution effectively transforms any legitimate server into a “honeypot” without the added overhead of setting up and maintaining a set of fake network infrastructure.

  Language:TeX2