A passive way to find backups/ sensitive information.

Spring4Shell Burp Scanner

Springboot detection

SpringScan 漏洞检测 Burp插件

simple recon tool to help you for searching vulnerability on web server

Tactics, Techniques, and Procedures

This repository provides several payloads for the web application fuzzing process, each of which has a different payload

java xxe defense demo

Scrape files for sensitive information, and generate an interactive HTML report. Based on Rabin2.

Work in progress...

Work in progress...

tracing with frida-trace some native apis or libs

Dnsbruter is a powerful tool designed to perform active subdomain enumeration and discovery. It uses DNS resolution to efficiently bruteforce and identify potential subdomains for a given target do…

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

frida dump dex, frida dump so

frida-codeshare-scripts.collection of useful FRIDA scripts.A curated list of Frida resources.

Automagically reverse-engineer REST APIs via capturing traffic

实战沉淀字典

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security s…

My notes of Day1 Day2 will be posted here as journey

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Docker container to use blutter (dart decompiler for android apps)

Cyber Security Notes, Methodology, Resources and Tips

An IIS short filename enumeration tool

IIS shortname scanner written in Go

Notes taken from Android App Hacking - Black Belt Edition (UDEMY - Roman Stuehler)