yaworsk's Stars
opnsec/postMessage-logger
Simple "postMessage logger" Chrome extension
harisaurus/react-native-workshop
hakluke/hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
kapytein/jsonp
jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
lgandx/CCrawlDNS
This small utility retrieves from the CommonCrawl data set unique subdomains for a given domain name.
anshumanbh/git-all-secrets
A tool to capture all the git secrets by leveraging multiple open source git searching tools
tarraschk/richelieu
List of the most common French passwords
mindedsecurity/graphqlschema2payload
Reverse engineers GQL Schema and generates template payloads
righettod/poc-graphql
Research on GraphQL from an AppSec point of view.
GoesToEleven/GolangTraining
Training for Golang (go language)
JuxhinDB/OOB-Server
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
secfigo/Awesome-Fuzzing
A curated list of fuzzing resources (books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on) for learning fuzzing and the initial phases of exploit development, like root cause analysis.
woj-ciech/LeakLooker
Find open databases - Powered by Binaryedge.io
google/security-research-pocs
Proof-of-concept codes created as part of security research done by Google Security Team.
mandatoryprogrammer/JudasDNS
Nameserver DNS poisoning attacks made easy
firefart/CVE-2018-7600
CVE-2018-7600 - Drupal 7.x RCE
EdOverflow/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
tc39/security
Discussion area for security aspects of ECMAScript
arkadiyt/bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
eth0izzle/bucket-stream
Find interesting Amazon S3 Buckets by watching certificate transparency logs.
nahamsec/JSParser
natalysheinin/s3cur1ty-stuff
orangetw/My-CTF-Web-Challenges
Collection of CTF Web challenges I made
orangetw/Tiny-URL-Fuzzer
A tiny and cute URL fuzzer
x0rz/phishing_catcher
Phishing catcher using Certstream
nahamsec/recon_profile
cujanovic/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
mazen160/bfac
BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.