RECON Notes taking from every fucking book about bugbounty and web-app penetration testing exists
☆19Feb 29, 2020Updated 6 years ago
Alternatives and similar repositories for WebHackingNotes
Users that are interested in WebHackingNotes are comparing it to the libraries listed below
Sorting:
- a tool that gets all paths at robots.txt and opens it in the browser.☆14Aug 2, 2019Updated 6 years ago
- Subvenkon is a subdomain enumerator from Venkon☆22Jun 22, 2020Updated 5 years ago
- ☆12Feb 18, 2022Updated 4 years ago
- An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, website…☆14Aug 23, 2022Updated 3 years ago
- A BurpSuite plugin for BBRF☆25Nov 17, 2024Updated last year
- Take a list of URIs and print all the of the paths☆10Aug 16, 2020Updated 5 years ago
- ☆11Jul 28, 2020Updated 5 years ago
- ☆11Jun 19, 2024Updated last year
- whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)☆32Jun 15, 2020Updated 5 years ago
- Tool for checking reflecting Parameters in a URL.☆10Aug 31, 2020Updated 5 years ago
- ☆13Feb 14, 2022Updated 4 years ago
- Tool to try multiple paths for PHPunit RCE CVE-2017-9841☆29Oct 18, 2021Updated 4 years ago
- ☆15Feb 9, 2022Updated 4 years ago
- Tools and resources for web app hacking. The payloads.txt documents are a must have for your Burpsuite intruder payload armory. They've h…☆28Jun 10, 2019Updated 6 years ago
- ☆11Aug 27, 2020Updated 5 years ago
- Check url is live (*HTTP status code "200 ok" only*).☆15Jun 13, 2020Updated 5 years ago
- A collection of wordlists to use with privilege escalation and password cracking tasks☆14Feb 13, 2024Updated 2 years ago
- ☆57Sep 2, 2020Updated 5 years ago
- A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!☆87Apr 3, 2020Updated 5 years ago
- Simple tool to test for SSRF/OOB HTTP Read within the Path of a request☆30Aug 2, 2019Updated 6 years ago
- Misc. Public Reports of Penetration Testing and Security Audits.☆35Jan 8, 2021Updated 5 years ago
- Built on a lazy Sunday after seeing this tweet (https://twitter.com/intigriti/status/1272145863868104705?s=20) I present to you, Paramete…☆51Jun 14, 2020Updated 5 years ago
- The project is based on Ben Clark's book: Red Team Field Manual.☆57Jan 25, 2017Updated 9 years ago
- This Burp extension helps you to find usages of postMessage and recvMessage☆15Feb 20, 2020Updated 6 years ago
- Workflow for pentesting web applications.☆21Feb 19, 2019Updated 7 years ago
- FUD MSFVenom Payload Gen. CatchYou 2 is a fork from CatchYou by TheLinuxChoice.☆12Aug 2, 2020Updated 5 years ago
- In this repo I collect all commands, links, techniques and tricks i found during my work as pentester, hacker, OSCP student and hack the …☆64Dec 21, 2020Updated 5 years ago
- ☆32Dec 30, 2022Updated 3 years ago
- A set of tools, procedures, and playbooks for performing bug bounties☆17Dec 2, 2018Updated 7 years ago
- 4xxbypass☆66Mar 29, 2021Updated 4 years ago
- Collection of content discovery wordlists in one wordlist.☆38Jan 18, 2022Updated 4 years ago
- A curated list of amazingly bug bounty tips from security researchers around the world.☆104Mar 14, 2019Updated 6 years ago
- Awesome Hacking☆20Nov 9, 2018Updated 7 years ago
- Tool to find stored robots.txt files from the past☆19Jun 4, 2023Updated 2 years ago
- A tool to test working urls.☆43Nov 17, 2020Updated 5 years ago
- ☆20Aug 15, 2020Updated 5 years ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…☆174Nov 11, 2020Updated 5 years ago
- Discovery Header Bug Bounty to DoD☆49Aug 20, 2021Updated 4 years ago
- Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.☆40Nov 21, 2025Updated 3 months ago