mud1t

mud1t's Stars

• denysdovhan/wtfjs

  🤪 A list of funny and tricky JavaScript examples

  Language:JavaScript35.2k5551122.6k

• daffainfo/AllAboutBugBounty

  All about bug bounty (bypasses, payloads, and etc)

  5.8k17161.1k

• KingOfBugbounty/KingOfBugBountyTips

  Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

  Language:Go4.2k23411812

• foospidy/payloads

  Git All the Payloads! A collection of web attack payloads.

  Language:Shell3.6k1985967

• jbtronics/CrookedStyleSheets

  Webpage tracking only using CSS (and no JS)

  Language:CSS3.3k10614138

• swisskyrepo/SSRFmap

  Automatic SSRF fuzzer and exploitation tool

  Language:Python3k5624522

• cujanovic/SSRF-Testing

  SSRF (Server Side Request Forgery) testing resources

  Language:Python2.3k731480

• Ignitetechnologies/BurpSuite-For-Pentester

  This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".

  2.2k756456

• bugcrowd/HUNT

  Language:Python2.2k15038414

• inonshk/31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  2.1k632333

• hannob/snallygaster

  Tool to scan for secret files on HTTP servers

  Language:Python2.1k7441228

• HolyBugx/HolyTips

  A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

  1.8k764304

• zeroc00I/AllVideoPocsFromHackerOne

  This script grab public report from hacker one and make some folders with poc videos

  Language:Shell873422220

• googleinurl/SCANNER-INURLBR

  Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

  Language:PHP87211411395

• federicodotta/Java-Deserialization-Scanner

  All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

  Language:Java7753429177

• chrislockard/api_wordlist

  A wordlist of API names for web application assessments

  757153216

• evilsocket/ditto

  A tool for IDN homograph attacks and detection.

  Language:Go73120067

• Coalfire-Research/java-deserialization-exploits

  A collection of curated Java Deserialization Exploits

  Language:Python590435219

• abhi-r3v0/Adhrit

  Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

  Language:JavaScript5383023129

• waf-bypass-maker/waf-community-bypasses

  506141107

• M4DM0e/DirDar

  DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

  Language:Go4456897

• dievus/threader3000

  Multi-threaded Python Port Scanner with Nmap Integration

  Language:Python3547996

• JamieFarrelly/Popular-Site-Subdomains

  A list of subdomains for some of the most popular sites on the internet

  17717866

• 0xtz/Enum_For_All

  16412071

• sensepost/dwn

  d(ockerp)wn - a docker pwn tool manager

  Language:Python1557722

• federicodotta/HandyCollaborator

  Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!

  Language:Java1035423

• az0mb13/frida_setup

  One-click installer for Frida and Burp certs for SSL Pinning bypass

  Language:JavaScript782214

• spenkk/rapiddns-extractor

  Extract subdomains from rapiddns.io

  Language:Python23526

• h-yde/VulnWebApp

  Intentionally vulnerable web application

  Language:JavaScript5200

• keerok/HUNT

  Language:Python2000