f0ur0four

f0ur0four's Stars

• joaomatosf/jexboss

  JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

  Language:Python2.4k638

• doyensec/CSPTPlayground

  CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

  Language:JavaScript836

• trailofbits/publications

  Publications from Trail of Bits

  Language:Python1.5k184

• trickest/cve

  Gather and update all available and newest CVEs with their PoC.

  Language:HTML6.6k837

• intigriti/misconfig-mapper

  Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

  Language:Go38930

• Legoclones/pickledbg

  A GDB+GEF-style debugger for unloading Python pickles

  Language:Python594

• pwning/public-writeup

  CTF write-ups by Plaid Parliament of Pwning

  Language:Python774118

• artsploit/yaml-payload

  A tiny project for generating SnakeYAML deserialization payloads

  Language:Java562102

• synacktiv/CVE-2024-45409

  Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409) exploit

  Language:Python7311

• yeswehack/pp-finder

  PP-finder Help you find gadget for prototype pollution exploitation

  Language:TypeScript13817

• zigoo0/JSONBee

  A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

  Language:PHP668106

• renniepak/CSPBypass

  Language:JavaScript15920

• C4T-BuT-S4D/bricsctf-2024-quals

  BRICS+ CTF 2024 Quals

  Language:C++255

• Anugrahsr/Awesome-web3-Security

  A curated list of web3Security materials and resources For Pentesters and Bug Hunters.

  1.3k179

• aszx87410/cdnjs-prototype-pollution

  Find all libraries on cdn.js that pollute your prototype

  Language:JavaScript191

• aszx87410/beyond-xss

  Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

  Language:JavaScript10322

• mytechnotalent/Reverse-Engineering

  A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM and embedded RISC-V architectures.

  Language:Assembly11.2k1k

• BlackFan/content-type-research

  Content-Type Research

  54054

• taviso/rbndr

  Simple DNS Rebinding Service

  Language:C62780

• msrkp/MXSS

  Awesome MXSS ??

  454

• Bo0oM/fuzz.txt

  Potentially dangerous files

  2.9k487

• Ciphey/Ciphey

  ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

  Language:Python18.2k1.2k

• Hedroed/png-parser

  Analyse PNG file format for CTF, python API and CLI

  Language:Python9611

• ius/rsatool

  rsatool can be used to calculate RSA and RSA-CRT parameters

  Language:Python1.2k225

• jhaddix/tbhm

  The Bug Hunters Methodology

  3.9k799

• cure53/HTTPLeaks

  HTTPLeaks - All possible ways, a website can leak HTTP requests

  Language:HTML2k202

• s0md3v/AwesomeXSS

  Awesome XSS stuff

  Language:JavaScript4.8k766

• 0xn0ne/weblogicScanner

  weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883

  Language:Python2k340

• therealdreg/x64dbg-exploiting

  Do you want to use x64dbg instead of immunity debugger? oscp eCPPTv2 buffer overflow exploits pocs

  7812

• NodyHub/zipslipper

  Create tar/zip archives that try to exploit zipslip vulnerability.

  Language:Go455