Stars
Checklist of the most important security countermeasures when designing, testing, and releasing your API
In-depth attack surface mapping and asset discovery
Penetration tests guide based on OWASP including test cases, resources and examples.
This script grabs public reports from HackerOne and makes some folders with PoC videos
Tool to help exploit XXE vulnerabilities
List DTDs and generate XXE payloads using those local DTDs.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
🎯 XML External Entity (XXE) Injection Payload List
A service which is vulnerable to XML External Entity (XXE) attacks.
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF…
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
A web app for injecting code into different file types.
A list of interesting payloads, tips and tricks for bug bounty hunters.
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Collection of methodology and test cases for various web vulnerabilities.