hideckies / exploit-notes
Sticky notes for pentesting, bug bounty, CTF.
☆592 Updated this week
Related projects:
- A simple tool for bypassing file upload restrictions. ☆755 Updated last month
- 1337 Wordlists for Bug Bounty Hunting ☆730 Updated last month
- This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell. ☆487 Updated last month
- Tips on how to write exploit scripts (faster!) ☆397 Updated 2 months ago
- Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool ☆696 Updated 4 months ago
- A RedTeam Toolkit ☆377 Updated 7 months ago
- ☆426 Updated this week
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain… ☆823 Updated last year
- A library for detecting known secrets across many web frameworks ☆476 Updated 3 months ago
- Real-world infosec wordlists, updated regularly ☆1,350 Updated this week
- Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins. ☆541 Updated this week
- bypass-url-parser ☆993 Updated this week
- Burp Suite Certified Practitioner Exam Study ☆876 Updated 3 months ago
- Automatic SSTI detection tool with interactive interface ☆757 Updated 3 weeks ago
- Tool to bypass 403/40X response codes. ☆1,084 Updated last month
- Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search … ☆508 Updated 7 months ago
- Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. ☆1,351 Updated last week
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities. ☆39 Updated 4 months ago
- Penelope Shell Handler ☆590 Updated this week
- Pentest Report Generator ☆347 Updated this week
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers… ☆515 Updated 3 months ago
- An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space. ☆515 Updated last year
- Script for generating revshells ☆451 Updated last week
- Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to keep it up-to-date. ☆1,206 Updated this week
- PDF Files for Web Pentesting ☆411 Updated 3 months ago
- ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework) ☆791 Updated 3 months ago
- Burp Plugin to Bypass WAFs through the insertion of Junk Data ☆838 Updated last month
- NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. Vulnerabilities in Web Applications ☆1,236 Updated this week
- List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but does not have a starting p… ☆460 Updated 8 months ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications ☆923 Updated 8 months ago