orangetw / bug-bounty-referenceLinks
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
☆55Updated 8 years ago
Alternatives and similar repositories for bug-bounty-reference
Users that are interested in bug-bounty-reference are comparing it to the libraries listed below
Sorting:
- YSOSERIAL Integration with burp suite☆166Updated 2 years ago
- CVE-2018-7600 - Drupal 7.x RCE☆72Updated 7 years ago
- Java serialization brute force attack tool.☆123Updated 7 years ago
- ☆232Updated 9 years ago
- ☆162Updated 7 years ago
- ☆55Updated 8 years ago
- Script to test if a server is vulnerable to the JetLeak vulnerability☆144Updated 9 years ago
- XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.☆140Updated 6 years ago
- Central Repo for Burp extensions☆151Updated 3 years ago
- Tool for CVE-2018-16323☆81Updated 6 years ago
- ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)☆291Updated 2 years ago
- Java deserialization exploitation lab.☆234Updated 6 years ago
- Facebook Bug Bounties☆102Updated 4 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Updated 8 years ago
- Security checks pack for Burp Suite☆138Updated 7 years ago
- Happy Hunting☆136Updated 6 years ago
- Spring messaging STOMP protocol RCE☆113Updated 7 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆34Updated 8 years ago
- Web Fuzzing Discovery and Attack Pattern Database☆115Updated 7 years ago
- Utils☆273Updated 9 years ago
- Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.☆120Updated 4 years ago
- Deemon is a tool to detect CSRF in web applications. Deemon has been used for the paper "Deemon: Detecting CSRF with Dynamic Analysis and…☆75Updated 7 years ago
- A Java serializer in JavaScript☆81Updated 7 years ago
- CVE-2018-7600 Drupal RCE☆116Updated 7 years ago
- 各种漏洞poc、Exp的收集或编写☆33Updated 9 years ago
- CVE-2018-2893-PoC☆103Updated 6 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆123Updated 7 years ago
- Web Input Vector Extractor Teaser☆132Updated 3 years ago
- HTML5 WebSocket message fuzzer☆146Updated 6 years ago
- Cross Site Scripting Payloads -- Variations☆72Updated 3 months ago