0xxen
Follow
Lists (3)
Stars
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
A next-generation crawling and spidering framework.
Machine learning from scratch
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A collection of Bug Bounty Tips collected from GitHub to all bug bounty hunters
A list of interesting payloads, tips and tricks for bug bounty hunters.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice
Top disclosed reports from HackerOne
My Notes on Regular Expressions for AWAE/OSWE.
Advanced SQL Injection Techniques for Bug Bounty Hunters
List of Directory Traversal/LFI Payloads Scraped from the Internet
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
A list of resources for those interested in getting started in bug bounties
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
🔥 Web-application firewalls (WAFs) from security standpoint.
A python script that finds endpoints in JavaScript files