six2dez / pentest-book
☆1,535Updated last week
Related projects: ⓘ
- Rockyou for web fuzzing☆2,547Updated 3 weeks ago
- A collection of awesome one-liner scripts especially for bug bounty tips.☆2,628Updated last month
- Red Teaming & Pentesting checklists for various engagements☆2,474Updated 3 weeks ago
- Tools & Interesting Things for RedTeam Ops☆2,129Updated last year
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing☆2,461Updated 2 months ago
- For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙☆1,680Updated 3 months ago
- ☆2,130Updated 11 months ago
- RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.☆1,719Updated 3 months ago
- Automated & Manual Wordlists provided by Assetnote☆1,284Updated last month
- Notes about attacking Jenkins servers☆1,949Updated 2 months ago
- A curated list of amazingly awesome Burp Extensions☆2,943Updated 2 months ago
- ☆1,033Updated 3 years ago
- Windows / Linux Local Privilege Escalation Workshop☆1,845Updated last year
- Take a list of domains and probe for working HTTP and HTTPS servers☆2,821Updated 2 months ago
- Payload Arsenal for Pentration Tester and Bug Bounty Hunters☆881Updated last year
- Mind-Maps of Several Things☆2,427Updated last year
- ☆1,004Updated 4 months ago
- A repository that includes all the important wordlists used while bug hunting.☆1,167Updated last year
- An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!☆1,519Updated 6 months ago
- Find domains and subdomains related to a given domain☆2,971Updated 3 months ago
- This script is intended to automate your reconnaissance process in an organized fashion☆1,895Updated 3 years ago
- This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 …☆2,192Updated last year
- ☆1,475Updated last year
- BBT - Bug Bounty Tools (examples💡)☆1,695Updated 5 months ago
- Fetch all the URLs that the Wayback Machine knows about for a domain☆3,435Updated 4 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆4,850Updated last month
- XSS payloads designed to turn alert(1) into P1☆1,315Updated last year
- 🎯 XML External Entity (XXE) Injection Payload List☆1,066Updated 2 months ago
- This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage clou…☆2,509Updated 11 months ago
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files☆1,960Updated 3 months ago