Voorivex

Voorivex's Stars

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python62k1.8k014.8k

• enaqx/awesome-pentest

  A collection of awesome penetration testing resources, tools and other shiny things

  22.1k1.2k394.5k

• vulhub/vulhub

  Pre-Built Vulnerable Environments Based on Docker-Compose

  Language:Dockerfile18k5801854.5k

• maurosoria/dirsearch

  Web path scanner

  Language:Python12.3k3105522.3k

• nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

  A list of resources for those interested in getting started in bug bounties

  10.8k573271.9k

• chaitin/xray

  一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

  Language:Vue10.5k2104721.8k

• nomi-sec/PoC-in-GitHub

  📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

  6.6k433291.2k

• 0xInfection/Awesome-WAF

  🔥 Web-application firewalls (WAFs) from security standpoint.

  Language:Python6.4k25961.1k

• drk1wi/Modlishka

  Modlishka. Reverse Proxy.

  Language:Go4.9k141289885

• s0md3v/AwesomeXSS

  Awesome XSS stuff

  Language:JavaScript4.8k23913767

• dwisiswant0/awesome-oneliner-bugbounty

  A collection of awesome one-liner scripts especially for bug bounty tips.

  2.7k7918584

• christophetd/CloudFlair

  🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

  Language:Python2.6k6063364

• threedr3am/learnjavabug

  Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

  Language:Java2.6k756496

• devanshbatham/ParamSpider

  Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

  Language:Python2.6k3898430

• joaomatosf/jexboss

  JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

  Language:Python2.4k9560638

• iddoeldor/frida-snippets

  Hand-crafted Frida examples

  Language:JavaScript2.3k7618423

• inonshk/31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  2.1k632332

• B3nac/Android-Reports-and-Resources

  A big list of Android Hackerone disclosed reports and other resources.

  1.5k921306

• orangetw/awesome-jenkins-rce-2019

  There is no pre-auth RCE in Jenkins since May 2017, but this is the one!

  Language:Python601161132

• hypn0s/AJPy

  Language:Python466517102

• SpiderLabs/DoHC2

  DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH).

  Language:C#44037394

• zricethezav/h1domains

  HackerOne "in scope" domains

  Language:Python414244119

• Edu4rdSHL/tor-router

  A tool that allows you to make TOR your default gateway and send all internet connections under TOR (as transparent proxy) to increase privacy/anonymity without extra unnecessary code.

  Language:Shell29111965

• onionj/pybotnet

  PyBotNet: A Remote Control Framework for Python with Telegram Integration

  Language:Python25682673

• SpiderLabs/CryptOMG

  CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.

  Language:PHP19218049

• erforschr/bruteforce-http-auth

  Bruteforce HTTP Authentication

  Language:Python1399340

• byt3bl33d3r/Slides

  Slides from various talks that I've given over the years

  1179027

• teambi0s/dfunc-bypasser

  This tool is for letting you know how strong your disable_functions is and how you can bypass that.

  Language:Python1167114

• YouGina/reconmaster

  ReconMaster contest - scripts used and a write-up

  Language:Shell832012

• dxa4481/AttackingAndDefendingTheGCPMetadataAPI

  This repo gives an overview of some GCP metadata API attack and defend patterns

  764015