internal0x03 Goto Github PK

awae-prep

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.

bug-bounty-wordlists

A repository that includes all the important wordlists used while bug hunting.

burp-piper-custom-scripts

Custom scripts for the PIPER Burp extensions.

combined-wordlists

A combined wordlists for files and directory discovery

dmut-resolvers

public dns server list for dmut project

facebook-bugbounty-writeups

Collection of Facebook Bug Bounty Writeups

fuzzdicts

Web Pentesting Fuzz 字典,一个就够了。

fuzzdicts-1

渗透测试路径字典，爆破字典。内容来自互联网和实战积累。

fuzzy

Fuzz for sensitive directories without killing the host using ffuf

gitleaks

Scan git repos (or files) for secrets using regex and entropy 🔑

gotator

Gotator is a tool to generate DNS wordlists through permutations.

grapx

grapX will iterate through the URLs and grep the endpoints with all possible extensions.

h2csmuggler

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

headerssrfxd

Scan ssrf on headers. Inspired by the tool https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/ssrf.py

jsa

Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.

kamerka-gui

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.

key-checker

Go scripts for checking API key / access token validity

lazyrecon

This script is intended to automate your reconnaissance process in an organized fashion.

leaky-paths

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

myscan

myscan 被动扫描

oswe

courses, exploits and lots of code, as i am currently preparing for this exam, i will keep updating everthing i learned or coded here

papers

Academic papers and articles that I read related to web hacking, fuzzing, etc. / 阅读过的Web安全方向、模糊测试方向的一些论文与阅读笔记

redteam_vul

红队作战中比较常遇到的一些重点系统漏洞整理。

rengine

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.

sensitive-file-explorer

shhgit

Ah shhgit! Find GitHub secrets in real time

sqli-query-tampering

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

superwordlist

基于实战沉淀下的各种弱口令字典

unicode-pwn

A simple python3 script that generate unicode payloads..

vhost-brute.sh

Enumerate interesting vhosts via a wordlist attack