Pinned Repositories
4-ZERO-3
403/401 Bypass Methods + Bash Automation + Your Support ;)
android-backup-extractor
Android backup extractor
android-keystore-audit
apkeep
AppSync
Unified AppSync dynamic library for iOS 5 and above.
avatarify-python
Avatars for Zoom, Skype and other video-conferencing apps.
client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
sandrogarcia's Repositories
sandrogarcia/avatarify-python
Avatars for Zoom, Skype and other video-conferencing apps.
sandrogarcia/AvillaForensics
Avilla Forensics 3.0
sandrogarcia/awesome-api-security
A collection of awesome API Security tools and resources.
sandrogarcia/badsecrets
A library for detecting known secrets across many web frameworks
sandrogarcia/bbrf-client
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
sandrogarcia/bbrf-server
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
sandrogarcia/BBTz
BBT - Bug Bounty Tools (examples💡)
sandrogarcia/botpress
The open-source hub to build & deploy GPT/LLM Agents ⚡️
sandrogarcia/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
sandrogarcia/disable-flutter-tls-verification
A Frida script that disables Flutter's TLS verification
sandrogarcia/dot
The Deepfake Offensive Toolkit
sandrogarcia/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
sandrogarcia/exploit-notes
Sticky notes for pentesting.
sandrogarcia/ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
sandrogarcia/gotestwaf
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
sandrogarcia/GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems
sandrogarcia/HowToHunt
Tutorials and Things to Do while Hunting Vulnerability.
sandrogarcia/ios.cfw.guide
A complete iOS modding guide, from stock to jailbroken.
sandrogarcia/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
sandrogarcia/MobileHackingCheatSheet
Basics on commands/tools/info on how to assess the security of mobile applications
sandrogarcia/mubeng
An incredibly fast proxy checker & IP rotator with ease.
sandrogarcia/privilege-escalation-awesome-scripts-suite
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
sandrogarcia/RegExAPI
list of regex for apis
sandrogarcia/secrets-patterns-db
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
sandrogarcia/UxPlay
AirPlay Unix mirroring server
sandrogarcia/waf-bypass
Check your WAF before an attacker does
sandrogarcia/Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
sandrogarcia/webshell
This is a webshell open source project
sandrogarcia/x89
sandrogarcia/xss_vibes
A modern tool written in Python that automates your xss findings.