httpvoid / writeups
☆1,177Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for writeups
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep☆1,218Updated 2 months ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆1,819Updated 10 months ago
- This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location☆1,225Updated 3 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆804Updated 2 years ago
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…☆935Updated 4 months ago
- ☆742Updated 4 months ago
- Making Favicon.ico based Recon Great again !☆1,127Updated last year
- Because just a dark theme wasn't enough!☆552Updated 2 years ago
- Community curated list of public bug bounty and responsible disclosure programs.☆1,051Updated this week
- Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…☆877Updated this week
- A wordlist of API names for web application assessments☆760Updated last year
- ☆958Updated 11 months ago
- ☆655Updated 2 years ago
- Burp plugin able to find reflected XSS on page in real-time while browsing on site☆1,133Updated 3 years ago
- 🐛 A list of writeups from the Google VRP Bug Bounty program☆1,146Updated last week
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,253Updated 4 months ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,680Updated 6 months ago
- Automation for javascript recon in bug bounty.☆900Updated last year
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon☆1,059Updated 9 months ago
- This script grab public report from hacker one and make some folders with poc videos☆874Updated last year
- An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects☆944Updated 2 years ago
- Electron JS Browser To Find XSS Vulnerabilities Automatically☆684Updated 3 years ago
- Generates combination of domain names from the provided input.☆901Updated 4 months ago
- declutters url lists for crawling/pentesting☆1,203Updated 2 weeks ago
- Fetches javascript file from a list of URLS or subdomains.☆739Updated last year
- ☆990Updated 2 years ago
- Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!☆1,026Updated last month
- bypass-url-parser☆1,021Updated this week
- List of XSS Vectors/Payloads☆1,190Updated last week
- A cheatsheet for exploiting server-side SVG processors.☆695Updated 4 years ago