Pinned Repositories
bc2telegram
Simple script to report Burp Collaborator interactions to Telegram bot chat
DesyncCL0
A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
h2csmuggler-proxy
This script just implements a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.
h2rs
Detects request smuggling via HTTP/2 downgrades.
headers
Python script to get all response headers from Alexa top sites file and store in a MySQL database.
hsecscan
A security scanner for HTTP response headers.
huebrchallenge01
This is my first web challenge called "HueBR Challenge 01".
pubkey-pin-android
Just another example for Android Public Key Pinning (based on OWASP example)
SmuggleTP
A straightforward tool for exploiting SMTP Smuggling vulnerabilities.
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
riramar's Repositories
riramar/Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
riramar/hsecscan
A security scanner for HTTP response headers.
riramar/h2rs
Detects request smuggling via HTTP/2 downgrades.
riramar/pubkey-pin-android
Just another example for Android Public Key Pinning (based on OWASP example)
riramar/h2csmuggler-proxy
This script just implements a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.
riramar/DesyncCL0
A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
riramar/SmuggleTP
A straightforward tool for exploiting SMTP Smuggling vulnerabilities.
riramar/bc2telegram
Simple script to report Burp Collaborator interactions to Telegram bot chat
riramar/headers
Python script to get all response headers from Alexa top sites file and store in a MySQL database.
riramar/huebrchallenge01
This is my first web challenge called "HueBR Challenge 01".
riramar/h2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
riramar/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
riramar/dnsobserver
A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack.
riramar/knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark & Pushover support
riramar/waymore
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
riramar/IE11xCORSxSOP
IE11 is not following CORS specification for local files
riramar/riramar.github.io
riramar/smuggler
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
riramar/feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
riramar/Findsploit
Find exploits in local and online databases instantly
riramar/notify
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
riramar/poc_salesforce_lightning
Academic purposes only. Attack against Salesforce lightning with guest privilege.
riramar/pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
riramar/scripts
General scripts that help me every day
riramar/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
riramar/unfurl
Pull out bits of URLs provided on stdin
riramar/www-project-mobile-security-testing-guide
OWASP Foundation Web Repository
riramar/www-project-secure-headers
OWASP Foundation Web Repository
riramar/www-projectchapter-example
riramar/xorbreak
A Python script to break messages encrypted with simple XOR.