lvir0
Follow
Stars
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
Open-source vulnerability disclosure and bug bounty program database
上传漏洞fuzz字典生成脚本
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Open source education content for the researcher community
This repository created for personal use and added tools from my latest blog post.
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
This tool can be used to brute discover GET and POST parameters
A cross-platform note-taking & target-tracking app for penetration testers.
A note-taking macOS app for penetration-testers.
A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
List of Awesome Asset Discovery Resources
XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.
Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
a tool that gets all paths at robots.txt and opens it in the browser.
reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
Finds unknown classes of injection vulnerabilities
A curated list of the most common and most interesting robots.txt disallowed directories.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.