th3-alch3m1st
Follow
Stars
POC from TestANull for CVE-2021-28482 on Exchange Server
A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
Assorted tools for security-related task for git repositories
Extensive code infrastructure for finding unintended information leaks in files, git repositories and much more.
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
DNS and Target HTTP History Local Storage and Search
jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
This repository is a suplimentary material for Android Training's done by Anant Shrivastava from 2012-2017
Tools, data, and contact lists relevant to The disclose.io Project.
Collection of scripts & fingerprinting tricks for Shodan.io
A Tool for DNS Delegation Trust Graphing
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…
List of periodically validated public DNS resolvers
hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The ro…