Pinned Repositories
31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Advanced-SQL-Injection-Cheatsheet
A cheat sheet that contains advanced queries for SQL Injection of all types.
AllVideoPocsFromHackerOne
This script grabs public reports from HackerOne and makes some folders with PoC videos.
Android-Security-Teryaagh
Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
Bug-Bounty-Tools
The tools I have programmed to help me with bug bounties
Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
BugBountyStuff
Stuff for bug bounty
byp4xx
Python script for HTTP 40X responses bypassing. Features: Verb tampering, headers, #bugbountytips tricks and 2454 User-Agents.
thatpham's Repositories
thatpham/31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
thatpham/Advanced-SQL-Injection-Cheatsheet
A cheat sheet that contains advanced queries for SQL Injection of all types.
thatpham/AllVideoPocsFromHackerOne
This script grabs public reports from HackerOne and makes some folders with PoC videos.
thatpham/Android-Security-Teryaagh
Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
thatpham/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
thatpham/Bug-Bounty-Tools
The tools I have programmed to help me with bug bounties
thatpham/Bug-Bounty-Wordlists
A repository that includes all the important wordlists used while bug hunting.
thatpham/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
thatpham/BugBountyStuff
Stuff for bug bounty
thatpham/byp4xx
Python script for HTTP 40X responses bypassing. Features: Verb tampering, headers, #bugbountytips tricks and 2454 User-Agents.
thatpham/bypass_disablefunc_via_LD_PRELOAD
Bypass disable_functions via LD_PRELOAD (no need for /usr/sbin/sendmail)
thatpham/cve
Gather and update all available and newest CVEs with their PoC.
thatpham/CVE-2021-3129_exploit
Exploit for CVE-2021-3129
thatpham/exphub
Exphub [exploit script library]: includes exploit scripts for WebLogic, Struts2, Tomcat, Nexus, Solr, JBoss, and Drupal. Most recently added: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
thatpham/Golden-Guide-for-Pentesting
Golden Guide
thatpham/google-dorks-bug-bounty
A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
thatpham/HowToHunt
Tutorials and Things to Do while Hunting Vulnerabilities.
thatpham/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
thatpham/Mind-Maps
Mind-Maps of Several Things
thatpham/Pentest-Cheat-Sheets
A collection of code snippets and commands to make your life easier!
thatpham/portswigger-websecurity-academy
Writeups for PortSwigger WebSecurity Academy
thatpham/PowerShdll
Run PowerShell with rundll32. Bypass software restrictions.
thatpham/pwn_jenkins
Notes about attacking Jenkins servers
thatpham/reFlutter
Flutter Reverse Engineering Framework
thatpham/SSRFire
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
thatpham/SSRFmap
Automatic SSRF fuzzer and exploitation tool
thatpham/UForAll
UForAll is a fast URL crawler. This tool crawls URLs from a number of different sources: AlienVault, Wayback Machine, urlscan, Common Crawl.
thatpham/Villain
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
thatpham/vulnerability-Checklist
thatpham/weird_proxies
Reverse proxies cheatsheet