🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program
☆33Oct 29, 2025Updated 6 months ago
Alternatives and similar repositories for awesome-msrc-writeups
Users that are interested in awesome-msrc-writeups are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Android webviews and securiy☆24Sep 18, 2025Updated 7 months ago
- JSSCM detects expired domains for Stored XSS exploitation during browsing.☆57Apr 3, 2025Updated last year
- Argus is used to test for Blind XSS and SSRF vulnerbilities or any sort of OOB detection☆14Nov 1, 2024Updated last year
- PoC List☆10Sep 4, 2022Updated 3 years ago
- PostScript examples useful for attacking Ghostscript.☆12Aug 1, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Keep track of changes in website with WEBSY☆35May 22, 2023Updated 2 years ago
- ☆62Nov 4, 2025Updated 5 months ago
- BetterBugBounty - Here tools are classic, bugs are hunted, and nostalgia is the ultimate weapon!☆30Feb 10, 2024Updated 2 years ago
- 申明:仅供教学演示,禁用非法、未授权等进行钓鱼,后果自负。☆12May 21, 2024Updated last year
- ☆40Feb 27, 2026Updated 2 months ago
- InfiniteWP Client < 1.9.4.5 - Authentication Bypass☆21Jul 28, 2021Updated 4 years ago
- ☆35Aug 5, 2025Updated 8 months ago
- ☆50Updated this week
- This repo contains code for the parser to extract data from .tm7 and .tb7 files. The project can by consumed as a NuGet package that pars…☆16Jun 15, 2023Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- OSS存储桶的漏洞扫描工具,目前支持阿里云、腾讯云、华为云、aws☆64Nov 5, 2025Updated 5 months ago
- If you found this, you are among the truly lucky, to be given providence to my curated and often custom wordlists. Enjoy, buddy, you've …☆62Jun 20, 2025Updated 10 months ago
- Script to automate bypassing 403 forbidden status code☆24Jun 18, 2025Updated 10 months ago
- 利用Gemini分析前端js文件中的安全漏洞☆39Jun 30, 2025Updated 10 months ago
- PoC for XSS in org.webjars:swagger-ui [3.14.2, 3.36.2]☆51Feb 17, 2023Updated 3 years ago
- Active monitoring bug bounty programs tool☆49Jan 21, 2026Updated 3 months ago
- ☆38Aug 12, 2020Updated 5 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆118Feb 13, 2026Updated 2 months ago
- ☆15Mar 10, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Laravel Debug mode RCE漏洞(CVE-2021-3129)poc / exp☆13Mar 4, 2023Updated 3 years ago
- PHP Phishing Framework☆28Dec 28, 2013Updated 12 years ago
- A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage…☆125Sep 12, 2025Updated 7 months ago
- Standardised setup for researching WordPress plugin- and theme vulnerabilities.☆31Mar 17, 2026Updated last month
- Blank methodology sheet for the OSWE exam☆13Dec 17, 2021Updated 4 years ago
- Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.☆26Jan 13, 2025Updated last year
- Guide to SSRF☆76Oct 10, 2023Updated 2 years ago
- uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl☆54Nov 3, 2025Updated 6 months ago
- A Lightning-Fast DNS Resolver written in Rust 🦀☆69Nov 19, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- HTTPWookiee is an HTTP server and proxy stress tool (respect of RFC, HTTP Smuggling issues, etc). If you run an HTTP server project conta…☆50Dec 2, 2017Updated 8 years ago
- Web Application Attack☆14Dec 16, 2019Updated 6 years ago
- Javascript file change monitoring☆18Mar 13, 2026Updated last month
- ☆162Mar 30, 2026Updated last month
- It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.☆60Mar 2, 2022Updated 4 years ago
- Results from analyzing data gathered from 1.6 billion subdomains☆32Oct 15, 2024Updated last year
- Mine URLs from Browser's Heap Snapshot for fun and profit☆65Aug 9, 2023Updated 2 years ago