A curated collection of my security research and bug bounty writeups, documenting real-world vulnerabilities, exploitation methods
☆20Jun 29, 2026Updated 2 weeks ago
Alternatives and similar repositories for security-writeups
Users that are interested in security-writeups are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆78May 5, 2025Updated last year
- A simple HAR-based JavaScript recon automation kit for organizing JS files, endpoints, secrets, and gf-filtered attack surface during bug…☆16May 20, 2026Updated last month
- xnew is a fast, low-memory CLI that appends only unique lines to files. Built in Go for large datasets, it streams input efficiently and …☆27May 23, 2026Updated last month
- An obsessive, expert-tier knowledge base + AI skill system for professional bug bounty hunting, security research, and penetration testin…☆23Apr 25, 2026Updated 2 months ago
- My Main App Hacking CheckList☆31Jun 20, 2026Updated 3 weeks ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A powerful subdomain enumeration tool that aggregates data from multiple sources to create comprehensive lists of root subdomains.☆51May 2, 2026Updated 2 months ago
- TokenTwin Checker — Dual Token BAC/IDOR Tester for Burp Suite☆84Jun 28, 2026Updated 2 weeks ago
- This lab is for **EDUCATIONAL PURPOSES ONLY**. Use it responsibly and only on systems you own or have explicit permission to test. Do not…☆21Feb 20, 2026Updated 4 months ago
- Stealth hybrid URL mapper☆17May 1, 2026Updated 2 months ago
- Cryptanalysis of a proprietary 1999 video DRM system. Recovers 61 encrypted wrestling videos from the WCW Internet Powerdisk CD-ROM throu…☆25Jan 29, 2026Updated 5 months ago
- Automated Cloud Misconfiguration Testing☆26Jun 20, 2025Updated last year
- ☆96May 11, 2026Updated 2 months ago
- CLAUDE.md configs and skills I use for bug bounty hunting with Claude Code☆22Apr 14, 2026Updated 3 months ago
- My ATO Via Password Reset Methodology☆53May 13, 2026Updated 2 months ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- URILoot is a browser extension designed for Bug Bounty Hunters and Pentesters. Makes fetching uris easy from various sources.☆63Feb 15, 2026Updated 4 months ago
- The "Let's-defend-solution" directory contains the answers to all paths of the Let's Defend platform that were saved by the creator 8 mon…☆12Apr 27, 2023Updated 3 years ago
- A cheatsheet for common JavaScript sources and sinks that lead to potential vulnerabilities.☆63Jun 13, 2023Updated 3 years ago
- 📍 Visualize Flipper Zero recordings on an interacitve map in your browser.☆39Apr 27, 2026Updated 2 months ago
- Extensión de Burp Suite que incorpora detección pasiva de vulnerabilidades mediante inteligencia artificial.☆17Jun 27, 2026Updated 2 weeks ago
- Bug bounty methodology, checklists, and hunting notes.☆21Updated this week
- Detection for CVE-2025-61675, CVE-2025-61678 & CVE-2025-66039☆46Dec 15, 2025Updated 6 months ago
- An exotic service bruteforce tool.☆14Apr 12, 2025Updated last year
- Replay any request as another user to find IDOR/BOLA/BFLA, right in the browser.☆26Jun 16, 2026Updated 3 weeks ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A very simple AEM detector written in rust.🦀☆20Jun 27, 2023Updated 3 years ago
- Process URLs and remove duplicate query parameters.☆27Mar 19, 2024Updated 2 years ago
- Advanced JavaScript File Discovery and Analysis Tool☆188Nov 8, 2025Updated 8 months ago
- A Python tool to resolve domains to IPs, fetch related CVEs, and display open ports☆17Nov 21, 2025Updated 7 months ago
- AISecLists - Your AI Red Teaming Arsenal. Discover a curated collection of prompt lists for diverse AI security assessments, including LL…☆16Jan 18, 2025Updated last year
- ☆93Sep 24, 2024Updated last year
- An advanced Out-of-Band and In-Band SSRF fuzzing scanner with dynamic request tracking.☆36Jun 18, 2026Updated 3 weeks ago
- A lightweight, multi-layer Linux sandbox combining namespaces, pivot_root, seccomp-bpf, capability dropping, and an evidence-based verdic…☆72Updated this week
- CVE-2025-55182-bypass-waf☆30Jan 8, 2026Updated 6 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide ra…☆33Nov 6, 2024Updated last year
- Proof-of-Concept exploit for CVE-2026-23918 (Apache mod_http2 double-free). Features multi-mode DoS (Rapid-RST, Slow-Drip) and passive RC…☆22May 6, 2026Updated 2 months ago
- ☆13Jan 12, 2023Updated 3 years ago
- Live runtime audit for installed Android apps. Runs on the rooted phone, serves a browser dashboard.☆27May 23, 2026Updated last month
- MCP server for automated binary diffing.☆17Updated this week
- Quick Command Cheatsheet, you can import/open directly to you ONE NOTE.☆10Jun 26, 2026Updated 2 weeks ago
- A quick reference script that can easily display reverse shells for different languages.☆20May 28, 2020Updated 6 years ago