Obtain GraphQL API schema even if the introspection is disabled

Download an entire website from the Wayback Machine.

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

记录自己编写、修改的部分工具

Binary exploitation exercises and scripts

Collections of Orange Tsai's public presentation slides.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

random ctf solutions

Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug.

Automation for internal Windows Penetrationtest / AD-Security

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Client Side Prototype Pollution Scanner

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A fast production-ready static web server with TLS (HTTPS), routing, hot reloading, caching, templating, and security in a single-binary you can set up with zero code.

Vulnerability Scan with Nuclei

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

A cURL wrapper

Tutorials, examples, discussions, research proposals, and other resources related to fuzzing

Mario the game but you rescue the princess by hacking.

Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts and gather service information

Public Roadmap | huntr.dev

A tool used to check if a CNAME resolves to the scope address. If the CNAME resolves to a non-scope address it might be worth checking out if subdomain takeover is possible.

Powershell crazy and sometimes diabolic scripts

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and re…

🐶 A curated list of Web Security materials and resources.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

Red Team Scripts by d0nkeys (ex SnadoTeam)