🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program
☆31Oct 29, 2025Updated 4 months ago
Alternatives and similar repositories for awesome-msrc-writeups
Users that are interested in awesome-msrc-writeups are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Android webviews and securiy☆23Sep 18, 2025Updated 6 months ago
- JSSCM detects expired domains for Stored XSS exploitation during browsing.☆58Apr 3, 2025Updated 11 months ago
- PoC List☆10Sep 4, 2022Updated 3 years ago
- ☆36Jan 8, 2026Updated 2 months ago
- PostScript examples useful for attacking Ghostscript.☆12Aug 1, 2024Updated last year
- Keep track of changes in website with WEBSY☆35May 22, 2023Updated 2 years ago
- ☆61Nov 4, 2025Updated 4 months ago
- BetterBugBounty - Here tools are classic, bugs are hunted, and nostalgia is the ultimate weapon!☆29Feb 10, 2024Updated 2 years ago
- 申明:仅供教学演示,禁用非法、未授权等进行钓鱼,后果自负。☆12May 21, 2024Updated last year
- ☆38Feb 27, 2026Updated 3 weeks ago
- InfiniteWP Client < 1.9.4.5 - Authentication Bypass☆21Jul 28, 2021Updated 4 years ago
- ☆35Aug 5, 2025Updated 7 months ago
- ☆49Jul 8, 2025Updated 8 months ago
- OSS存储桶的漏洞扫描工具,目前支持阿里云、腾讯云、华为云、aws☆62Nov 5, 2025Updated 4 months ago
- If you found this, you are among the truly lucky, to be given providence to my curated and often custom wordlists. Enjoy, buddy, you've …☆62Jun 20, 2025Updated 9 months ago
- 利用Gemini分析前端js文件中的安全漏洞☆39Jun 30, 2025Updated 8 months ago
- Script to automate bypassing 403 forbidden status code☆24Jun 18, 2025Updated 9 months ago
- PoC for XSS in org.webjars:swagger-ui [3.14.2, 3.36.2]☆51Feb 17, 2023Updated 3 years ago
- ☆38Aug 12, 2020Updated 5 years ago
- Active monitoring bug bounty programs tool☆49Jan 21, 2026Updated 2 months ago
- ☆14Mar 10, 2025Updated last year
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆119Feb 13, 2026Updated last month
- Laravel Debug mode RCE漏洞(CVE-2021-3129)poc / exp☆13Mar 4, 2023Updated 3 years ago
- A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage…☆123Sep 12, 2025Updated 6 months ago
- Standardised setup for researching WordPress plugin- and theme vulnerabilities.☆30Updated this week
- Blank methodology sheet for the OSWE exam☆13Dec 17, 2021Updated 4 years ago
- Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.☆21Jan 13, 2025Updated last year
- uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl☆52Nov 3, 2025Updated 4 months ago
- A Lightning-Fast DNS Resolver written in Rust 🦀☆69Nov 19, 2024Updated last year
- Web Application Attack☆14Dec 16, 2019Updated 6 years ago
- HTTPWookiee is an HTTP server and proxy stress tool (respect of RFC, HTTP Smuggling issues, etc). If you run an HTTP server project conta…☆49Dec 2, 2017Updated 8 years ago
- 一些关于ISCC平台的实用脚本☆10Jun 2, 2024Updated last year
- Javascript file change monitoring☆17Mar 13, 2026Updated last week
- XSSRecon automates the process of testing URL parameters for reflection of a test payload rix4uni and further checks how special characte…☆52Jan 16, 2026Updated 2 months ago
- 🎉 CVE Monitor v1.0☆26Jun 30, 2025Updated 8 months ago
- Results from analyzing data gathered from 1.6 billion subdomains☆32Oct 15, 2024Updated last year
- It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.☆59Mar 2, 2022Updated 4 years ago
- Mine URLs from Browser's Heap Snapshot for fun and profit☆64Aug 9, 2023Updated 2 years ago
- POC for CVE-2023-29360☆12Aug 31, 2024Updated last year