setupaccsid Goto Github PK

awesome-burp-suite

Awesome Burp Suite Resources. 400+ open source Burp plugins, 500+ posts and videos.

awesome-courses

:books: List of awesome university courses for learning Computer Science!

awesome-interview-questions

:octocat: A curated awesome list of lists of interview questions. Feel free to contribute! :mortar_board:

awesome-red-teaming

List of Awesome Red Teaming Resources

awesomexss

Awesome XSS stuff

big-list-of-naughty-strings

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

bitvijays.github.io

bypass-web-application-firewalls

Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary Characters These scripts were created during an assessment, while trying to bypass a Web Application Firewall (WAF) in order to exploit a XSS vulnerability. Differnt webservers and browsers interpret URL and strange characters differently which could lead to the bypassing of security controls. When I tried to send a > or < character the WAF would block the request. The following URL escapes I have noticed are traslated to < > ' by Apache2 based web servers: %(N%(n%)S%)U%)^%)s%)u%*C%*E%*c%*e%,.%.#%1N%1n%2S%2U%2^%2s%2u%3C%3E%3c%3e%5.%7#%:C%:E %:c%:e%HN%Hn%IS%IU%I^%Is%Iu%JC%JE%Jc%Je%L.%N#%XN%Xn%YS%YU%Y^%Ys%Yu%ZC%ZE%Zc%Ze%.%^# %hN%hn%iS%iU%i^%is%iu%jC%jE%jc%je%l.%n#%xN%xn%yS%yU%y^%ys%yu%zC%zE%zc%ze%|

cheatsheet-god

Penetration Testing / OSCP Biggest Reference Bank / Cheatsheet

commodity-injection-signatures

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

ctf-writeups

CTF write-ups from the VulnHub CTF Team

dostackbufferoverflowgood

exploits

Windows Exploits

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

github-for-non-programmers

A guide to using GitHub for people who don't code and don't want to code.

intruderpayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

linux-kernel-exploits

linux-kernel-exploits Linux平台提权漏洞集合

payloads

Git All the Payloads! A collection of web attack payloads.

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pentesting-bible

This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.

powershell-for-pentesters

PowerShell for Pentesters

powershellscripts

Collection of PowerShell scripts

sec-tool-list

More than 18K security related open source tools, sorted by star count. Both in markdown and json format.

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

web-ctf-cheatsheet

Web CTF CheatSheet 🐈

what-happens-when

An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"

windows-kernel-exploits

windows-kernel-exploits Windows平台提权漏洞集合

xxe

ysoserial.net-complied

This repository contains complied exe of ysoserial.net ( ys.exe in directory ysoserial/bin/Debug). This work belongs to @pwntester bhai ji \m/