Lists (6)
Stars
FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses.
Pack/Encrypt/Obfuscate ELF + SHELL scripts
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
I-Espresso is a tool that enables users to generate Portable Executable (PE) files from batch scripts. Leveraging IExpress, it demonstrates how file extension spoofing can be used to evade detection.
Probe a rendering engine for vulnerabilities and other features
Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
A streamlined tool for discovering private TLDs for security research.
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
The most exhaustive list of reliable DNS resolvers.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
HTTPLeaks - All possible ways, a website can leak HTTP requests
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
Top disclosed reports from HackerOne
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
A curated list of awesome privilege escalation
noby0x1 / Mind-Maps
Forked from Amr-Hamza/Elnoby0x1Config files for my GitHub profile.