sandrogarcia Goto Github PK

ezxss

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

frida-scripts

fsmon

monitor filesystem on iOS / OS X / Android / FirefoxOS / Linux

gau

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

getjs

A tool to fastly get all javascript sources/files

gin

Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.

gmapsapiscanner

gospider

Gospider - Fast web spider written in Go

gotestwaf

An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

gtfobins.github.io

GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

howtohunt

Tutorials and Things to Do while Hunting Vulnerability.

httpx

httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

idb

idb is a flexible command line interface for automating iOS simulators and devices

ios-internals-and-security-testing

iOS is Apple's proprietary operating system that runs on the iPhone, iPod Touch and iPad. A lot of components are specific to iOS. Here are key features of the iOS hardware and software security architecture and guide how to test your applications.

ios.cfw.guide

A complete iOS modding guide, from stock to jailbroken.

keychain-dumper

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken

keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

kingofbugbountytips

kiterunner

Contextual Content Discovery Tool

l4sh

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

matomo

Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!

mobilehackingcheatsheet

Basics on commands/tools/info on how to assess the security of mobile applications

modlishka

Modlishka. Reverse Proxy.

mubeng

An incredibly fast proxy checker & IP rotator with ease.

ntdsaudit

An Active Directory audit utility

owasp-calculator

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

owasp-mstg

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

pagarme-php

:blue_heart: Pagar.me's PHP API

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF