Nguyen-Trung-Kien's Stars
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
shieldfy/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
quay/clair
Vulnerability Static Analysis for Containers
mandiant/flare-vm
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
wy876/POC
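A collected and organized set of vulnerability EXPs/POCs; most of the vulnerabilities come from the internet. More than 1,400 POCs/EXPs have been collected so far, with long-term updates.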
inonshk/31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
NetSPI/MicroBurst
A collection of scripts for assessing Microsoft Azure security
thisbejim/Pyrebase
A simple python wrapper for the Firebase API.
defparam/smuggler
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
Whitecat18/Rust-for-Malware-Development
This repository contains my complete resources and coding practices for malware development using Rust 🦀.
randorisec/MobileHackingCheatSheet
Basics on commands/tools/info on how to assess the security of mobile applications
trickest/inventory
Asset inventory of over 800 public bug bounty programs.
assetnote/nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
Zeyad-Azima/Offensive-Resources
A huge collection of learning resources with labs for offensive security players
narfindustries/http-garden
Differential fuzzing REPL for HTTP implementations.
jthack/PIPE
Prompt Injection Primer for Engineers
hisxo/JSpector
A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues
MuhammadKhizerJaved/Insecure-Firebase-Exploit
A simple Python exploit to write data to insecure/vulnerable Firebase databases! Commonly found inside mobile apps. If the owner of the app has set the security rules as true for both "read" & "write", an attacker can probably dump the database and write his own data to the Firebase DB.
frank-leitner/portswigger-websecurity-academy
Writeups for PortSwigger WebSecurity Academy
dolevf/Black-Hat-GraphQL
The Black Hat GraphQL Book Repository
ambionics/symfony-exploits
Exploits targeting Symfony
ashemery/malware-tools
A list of useful tools for Malware Analysis (will be updated regularly)
abdulkadir-gungor/HtmlSmuggling
HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF.
ShadowByte1/XSS
JavierOlmedo/UltimateCMSWordlists
📚 An ultimate collection of wordlists for the best-known CMS
AlecBlance/S3BucketList
Chrome extension that lists Amazon S3 Buckets while browsing
rahulbhichher/SourceCodeReview
Source Code Review resources for Bug Bounty Hunters & Developers. This Repo is updated consistently.
QuantumWizard888/Reverse-Engineering-crackmes-with-Ghidra
A collection of random crackme solutions created using the Ghidra SRE (Software Reverse Engineering) tool for the purpose of research.
Dhamuharker/Server-Side-Template-Injection
Template injection allows an attacker to include template code into an existent (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replace variables/placeholders with actual values in the HTML pages.
uleroboticsgroup/SVCP4C
SonarCloud Vulnerable Code Prospector For C (SVCP4C)