doyensec/awesome-electronjs-hacking

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/doyensec/awesome-electronjs-hacking)

doyensec / awesome-electronjs-hacking

A curated list of awesome resources about Electron.js (in)security

☆656

Alternatives and similar repositories for awesome-electronjs-hacking

Users that are interested in awesome-electronjs-hacking are comparing it to the libraries listed below

Sorting:

msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆522Sep 17, 2022Updated 3 years ago
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,589Jan 27, 2024Updated 2 years ago
jmdx / TLS-poison
View on GitHub
☆705Nov 27, 2024Updated last year
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆953Dec 31, 2021Updated 4 years ago
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆656Jun 29, 2025Updated 8 months ago
filedescriptor / untrusted-types
View on GitHub
☆695Jul 4, 2022Updated 3 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,167May 26, 2023Updated 2 years ago
httpvoid / writeups
View on GitHub
☆1,200Sep 2, 2022Updated 3 years ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆612Mar 4, 2021Updated 5 years ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
gquere / pwn_jenkins
View on GitHub
Notes about attacking Jenkins servers
☆2,091Jul 10, 2024Updated last year
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆649Feb 21, 2024Updated 2 years ago
xdavidhu / awesome-google-vrp-writeups
View on GitHub
🐛 A list of writeups from the Google VRP Bug Bounty program
☆1,452Feb 7, 2026Updated last month
benso-io / posta
View on GitHub
🐙 Cross-document messaging security research tool powered by https://enso.security
☆301May 22, 2023Updated 2 years ago
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,482Oct 12, 2024Updated last year
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,082Aug 14, 2024Updated last year
allanlw / svg-cheatsheet
View on GitHub
A cheatsheet for exploiting server-side SVG processors.
☆793Jul 2, 2020Updated 5 years ago
RenwaX23 / XSSTRON
View on GitHub
Electron JS Browser To Find XSS Vulnerabilities Automatically
☆747Mar 30, 2021Updated 4 years ago
fransr / postMessage-tracker
View on GitHub
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆1,293Jan 26, 2024Updated 2 years ago
doyensec / inql
View on GitHub
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
☆1,737Feb 16, 2026Updated 2 weeks ago
BlackFan / cspp-tools
View on GitHub
Client-Side Prototype Pollution Tools
☆87Sep 21, 2021Updated 4 years ago
orangetw / My-Presentation-Slides
View on GitHub
Collections of Orange Tsai's public presentation slides.
☆751Jan 1, 2025Updated last year
irsdl / top10webseclist
View on GitHub
Top Ten Web Hacking Techniques List
☆757Nov 10, 2023Updated 2 years ago
defparam / haptyc
View on GitHub
☆95Sep 18, 2021Updated 4 years ago
xsleaks / xsleaks
View on GitHub
A collection of browser-based side channel attack vectors.
☆759Mar 19, 2024Updated last year
doyensec / regexploit
View on GitHub
Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
☆846Feb 9, 2024Updated 2 years ago
detectify / page-fetch
View on GitHub
Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…
☆529Apr 23, 2025Updated 10 months ago
BishopFox / h2csmuggler
View on GitHub
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
☆782May 10, 2022Updated 3 years ago
qtc-de / remote-method-guesser
View on GitHub
Java RMI Vulnerability Scanner
☆915Jul 3, 2024Updated last year
terjanq / Tiny-XSS-Payloads
View on GitHub
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
☆2,313Nov 29, 2024Updated last year
yeswehack / PwnFox
View on GitHub
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
☆1,292Aug 7, 2024Updated last year
0ang3el / websocket-smuggle
View on GitHub
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
☆391Aug 15, 2024Updated last year
iangcarroll / cookiemonster
View on GitHub
🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
☆967Jan 10, 2025Updated last year
nccgroup / singularity
View on GitHub
A DNS rebinding attack framework.
☆1,263Dec 4, 2025Updated 3 months ago
doyensec / burpdeveltraining
View on GitHub
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
☆356Oct 14, 2020Updated 5 years ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,679Dec 23, 2024Updated last year
Escapingbug / awesome-browser-exploit
View on GitHub
awesome list of browser exploitation tutorials
☆2,266Sep 18, 2023Updated 2 years ago
jaiswalakshansh / Facebook-BugBounty-Writeups
View on GitHub
Collection of Facebook Bug Bounty Writeups
☆706Jan 16, 2026Updated last month