Pinned Repositories
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
APT_CyberCriminal_Campagin_Collections
APT & CyberCriminal Campaign Collection
APT_REPORT
Interesting APT Report Collection And Some Special IOC
ars0n-framework-dockerized
A Modern Bug Bounty Hunting Framework Packaged in Docker
ASP-Bank
A proof of concept project that demonstrates oWASP.org's top 10 web vulnerabilities
ASPVulnerableLab
Vulnerable ASP based Web Application
auth0-sso-sample
Doing Single Sign On between SPAs and Regular Web Apps
AWAE-PREP
This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.
awesome-mitre-attack
A curated list of awesome resources related to Mitre ATT&CK™ Framework
Awesome-XSS-Payloads
Exotic and uncommon XSS Vectors to hit the target as quickly as possible.
mwebsec's Repositories
mwebsec/AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
mwebsec/APT_CyberCriminal_Campagin_Collections
APT & CyberCriminal Campaign Collection
mwebsec/APT_REPORT
Interesting APT Report Collection And Some Special IOC
mwebsec/ars0n-framework-dockerized
A Modern Bug Bounty Hunting Framework Packaged in Docker
mwebsec/BetaFast
Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series
mwebsec/Bug-Bounty-Methodology
These are my checklists which I use during my hunting.
mwebsec/crAPI
completely ridiculous API (crAPI)
mwebsec/cs5331-ssti
CS5331 Server-Side Template Injection Project
mwebsec/dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
mwebsec/Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
mwebsec/fuzzing-templates
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
mwebsec/Ghostwriter
The SpecterOps project management and reporting engine
mwebsec/GOAD
game of active directory
mwebsec/hackerone-reports
Top disclosed reports from HackerOne
mwebsec/Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
mwebsec/nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
mwebsec/NucleiFuzzer
NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications
mwebsec/OSCE3-Complete-Guide
OSWE, OSEP, OSED, OSEE
mwebsec/OWASPWebGoatPHP
A deliberately vulnerable web application for learning web application security.
mwebsec/ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
mwebsec/POCs
mwebsec/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
mwebsec/Veil
Veil 3.1.X (Check version info in Veil at runtime)
mwebsec/Vulhub-Reproduce
一个Vulhub漏洞复现知识库
mwebsec/Vulnerable-OAuth-2.0-Applications
vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
mwebsec/WebGoat.NET
OWASP WebGoat.NET
mwebsec/websitesVulnerableToSSTI
Simple websites vulnerable to Server Side Template Injections(SSTI)
mwebsec/wifiphisher
The Rogue Access Point Framework
mwebsec/xxe-injection-payload-list
🎯 XML External Entity (XXE) Injection Payload List
mwebsec/XXE-study
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.