mr-xhunt

mr-xhunt's Stars

• KingOfBugbounty/KingOfBugBountyTips

  Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

  Language:Go4.3k817

• dwisiswant0/awesome-oneliner-bugbounty

  A collection of awesome one-liner scripts especially for bug bounty tips.

  2.7k582

• luigigubello/PayloadsAllThePDFs

  PDF Files for Pentesting

  46765

• gprime31/nuclei-templates

  Community curated list of templates for the nuclei engine to find security vulnerabilities.

  1

• MobSF/Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  Language:JavaScript17.6k3.3k

• mazen160/xless

  The Serverless Blind XSS App

  Language:JavaScript330128

• The-XSS-Rat/SecurityTesting

  Language:Python1k268

• masatokinugawa/filterbypass

  Browser's XSS Filter Bypass Cheat Sheet

  1.1k209

• 0xInfection/Awesome-WAF

  🔥 Web-application firewalls (WAFs) from security standpoint.

  Language:Python6.4k1.1k

• mr-xhunt/NahamCon-CTF-2022-Writeup

  7

• nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

  A list of resources for those interested in getting started in bug bounties

  10.8k1.9k

• 0xsha/GoLinkFinder

  A fast and minimal JS endpoint extractor

  Language:Go32750

• jobertabma/relative-url-extractor

  A small tool that extracts relative URLs from a file.

  Language:Ruby728116

• 003random/getJS

  A tool to fastly get all javascript sources/files

  Language:Go729103

• D4Vinci/One-Lin3r

  Gives you one-liners that aids in penetration testing operations, privilege escalation and more

  Language:Python1.7k291

• streaak/keyhacks

  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

  5.1k1.1k

• vavkamil/awesome-vulnerable-apps

  Awesome Vulnerable Applications

  1k163

• ant4g0nist/Vulnerable-Kext

  A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation

  Language:C23128

• t0thkr1s/allsafe

  Intentionally vulnerable Android application.

  Language:Java21372

• oversecured/ovaa

  Oversecured Vulnerable Android App

  Language:Java656177

• jaiswalakshansh/Vuldroid

  Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code

  Language:Java6217

• dineshshetty/Android-InsecureBankv2

  Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities

  Language:Java1.3k457

• mr-xhunt/My_Portfolio

  Language:JavaScript1

• mr-xhunt/Mx_Stock_Screener

  Language:Python1

• mr-xhunt/Port-Scanner

  Port Scanning tool

  Language:Python1

• tp7309/TTPassGen

  密码生成 flexible and scriptable password dictionary generator which can support brute-force、combination、complex rule mode etc...

  Language:Python14825

• sc0tfree/mentalist

  Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

  Language:Python1.8k244

• OWASP/owasp-mastg

  The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

  Language:Python11.8k2.3k

• payloadbox/rfi-lfi-payload-list

  🎯 RFI/LFI Payload List

  540185

• payloadbox/xxe-injection-payload-list

  🎯 XML External Entity (XXE) Injection Payload List

  1.1k302