naufalan / Web-App-Methodology
Collection of web app methodology from initial recon into exploit known vulnerability. Used when conducting Bug Bounty, Penetration Testing, or CTF
☆13Updated 3 years ago
Alternatives and similar repositories for Web-App-Methodology:
Users that are interested in Web-App-Methodology are comparing it to the libraries listed below
- SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.☆38Updated 3 years ago
- Blind spot is a python tool for blind injection vulnerabilities , SQLi time based , Command injection , code injection , SSTI☆27Updated 4 years ago
- 3klector is an automation Recon tool which collecting information about Acquisitions and ASN which related to Big Scope company☆49Updated 2 years ago
- ☆32Updated 2 years ago
- ☆22Updated 3 years ago
- Stuff for bug bounty☆27Updated last year
- Automation for Open Threat Exchange☆23Updated 10 months ago
- KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Po…☆58Updated 3 years ago
- ☆38Updated 4 years ago
- A solid recon tool I use personally.☆30Updated last year
- These Repositories About My Recon Methodology To Give Some Idea For Other Hunter How To Do Recon☆44Updated 2 years ago
- Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments,…☆13Updated 6 years ago
- Enhanced 403 bypass header☆21Updated 2 years ago
- Intentionally Vulnerable Nodejs Application & APIs☆22Updated 2 years ago
- ☆37Updated 3 years ago
- The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform☆9Updated 4 years ago
- RECON Notes taking from every fucking book about bugbounty and web-app penetration testing exists☆20Updated 4 years ago
- Cool HackerOne Reports☆19Updated 2 years ago
- ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be …☆58Updated 2 years ago
- ☆22Updated 3 years ago
- Small script to check a list of domains against open redirect vulnerability☆25Updated 2 years ago
- Single-WebApp-Target essentials testing methodology tool starting at recon-information gathering for the juicy stuff ended up in exploita…☆22Updated 3 years ago
- Damn Vulnerable PHP Application (DVPA) - It is Lab Written in The PHP lang, Which Contains PHP Type Juggling - RCE Challenges☆32Updated 2 years ago
- It grep subdomains, email/username, build custom wordlist etc from gau results☆46Updated 2 years ago
- Alternative to XSS Hunter for blind XSS.☆50Updated 2 years ago
- I collected it to help the bug hunter get a reward☆57Updated 2 years ago
- Checks whether a domain is hosted on a cloud service such as AWS, Azure or CloudFlare☆58Updated 2 years ago