Pinned Repositories
Apache-Tomcat-Pentesting
Apache Tomcat exploit and Pentesting guide for penetration tester
bug-bounty-writeups
A curated list of available Bug Bounty & Disclosure Programs and Write-ups.
cloud-penetration-testing
A curated list of cloud pentesting resource, contains AWS, Azure, Google Cloud
exchange-penetration-testing
The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
ICS-Pentesting-Tools
A curated list of tools related to Industrial Control System (ICS) security and Penetration Testing
Malware-Analysis
A curated list of awesome malware analysis tools and resources
Penetration-Testing-Interview-Questions
Penetration Testing Interview Questions
Ransomware-Samples
Small collection of Ransomware organized by family.
security-mindmap
This repository stores various roadmap(Mindmaps) for bug bounty Hunter, pentester, offensive(red team), defensive(blue team) and security Professional people
smartrecon
smartrecon is a powerful shell script to automate the recon and finding common vulnerabilities for bug hunter
kh4sh3i's Repositories
kh4sh3i/Ransomware-Samples
Small collection of Ransomware organized by family.
kh4sh3i/smartrecon
smartrecon is a powerful shell script to automate the recon and finding common vulnerabilities for bug hunter
kh4sh3i/exchange-penetration-testing
The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
kh4sh3i/bug-bounty-writeups
A curated list of available Bug Bounty & Disclosure Programs and Write-ups.
kh4sh3i/WAF-Bypass
🔥 Web application firewalls (WAF) bypass
kh4sh3i/wifi-password-stealer
steal saved wifi passwords in a computer & ip of target then report them through email.
kh4sh3i/Shodan-Dorks
a curated list of shodan dorks for finding sensitive data in shodan.io
kh4sh3i/ElasticSearch-Pentesting
ElasticSearch exploit and Pentesting guide for penetration tester
kh4sh3i/xmlrpc-exploit
Exploiting the xmlrpc.php on all WordPress versions
kh4sh3i/RabbitMQ-Pentesting
RabbitMQ exploit and Pentesting guide for penetration tester
kh4sh3i/bruteforce-http-authentication
Bruteforce HTTP Authentication. Supports: Basic HTTP authentication ,Digest HTTP authentication
kh4sh3i/ProxyLogon
ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell)
kh4sh3i/CVE-2023-38646
Metabase Pre-auth RCE (CVE-2023-38646)
kh4sh3i/Fresh-Resolvers
List of fresh DNS resolvers updated daily
kh4sh3i/MQTT-Pentesting
MQTT exploit and Pentesting guide for penetration tester
kh4sh3i/CVE-2023-22515
CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server
kh4sh3i/Favicon-Hash
Calculate Favicon Hash for Shodan
kh4sh3i/97-Tests-for-Authentication-API
97 JSON Tests for Authentication Endpoints
kh4sh3i/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
kh4sh3i/CKEditor-Pentesting
kh4sh3i/CVE-2023-22527
CVE-2023-22527 | RCE using SSTI in Confluence
kh4sh3i/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
kh4sh3i/kh4sh3i
kh4sh3i/MinIO-Pentesting
MinIO Object Storage 🧮
kh4sh3i/Redis-Pentesting
Redis exploit and Pentesting guide for penetration tester
kh4sh3i/server
☁️ Nextcloud server, a safe home for all your data
kh4sh3i/alpine-curl
Alpine with curl and date installed
kh4sh3i/Awesome-Burp-Extensions
A curated list of awesome Burp Extensions for bug hunter. groups by vulnerability types
kh4sh3i/subdomain-enumeration
subdomain enumeration via https://crt.sh/
kh4sh3i/Threat-Modeling
Threat Modeling and tools