costelm's Stars
KingOfBugbounty/KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters.
robre/scripthunter
Tool to find JavaScript files on websites
robre/jsmon
A JavaScript change monitoring tool for bug bounties
teknogeek/ssrf-sheriff
A simple SSRF-testing sheriff written in Go
davidson679/Bypass-Web-Application-Firewalls
Bypassing-Web-Application-Firewalls-And-XSS-Filters: A series of Python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These Python scripts have been created to fuzz weird combinations: URL escape characters, HTML escape characters, and binary characters. These scripts were created during an assessment, while trying to bypass a Web Application Firewall (WAF) in order to exploit an XSS vulnerability. Different webservers and browsers interpret URL and strange characters differently, which could lead to the bypassing of security controls. When I tried to send a > or < character the WAF would block the request. The following URL escapes I have noticed are translated to < > ' by Apache2 based web servers:
cujanovic/subdomain-bruteforce-list
subdomain bruteforce list
cujanovic/Markdown-XSS-Payloads
XSS payloads for exploiting Markdown syntax
cujanovic/CRLF-Injection-Payloads
Payloads for CRLF Injection
cujanovic/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
devsecops/awesome-devsecops
An authoritative list of awesome DevSecOps tools with help from community experiments and contributions.
devsecops/bootcamp
An open contribute bootcamp to develop DevSecOps skills...
pxb1988/dex2jar
Tools to work with Android .dex and Java .class files
infosecn1nja/ThreatHunter-Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
infosecn1nja/Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
infosecn1nja/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
infosecn1nja/AD-Attack-Defense
Attack and defend Active Directory using modern post-exploitation adversary tradecraft activity
certsocietegenerale/IRM-deprecated
Incident Response Methodologies
googleprojectzero/BrokenType
TrueType and OpenType font fuzzing toolset
AndProx/AndProx
Native Android Proxmark3 client (no root required)
ewhitehats/InvisiblePersistence
Persisting in the Windows registry "invisibly"
NVISOsecurity/MagiskTrustUserCerts
A Magisk/KernelSU module that automatically adds user certificates to the system root CA store
Nekmo/dirhunt
Find web directories without bruteforce
nccgroup/house
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
P3GLEG/Whaler
Program to reverse Docker images into Dockerfiles
s0md3v/XSStrike
Most advanced XSS scanner.
threat9/routersploit
Exploitation Framework for Embedded Devices
archerysec/archerysec
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
federicodotta/Brida
The new bridge between Burp Suite and Frida!
OffXec/Samurai
Samurai Email Discovery - SED is an email discovery framework that grabs emails via Google dork, company name, or domain name.
cryps1s/DARKSURGEON
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.