briansandro Goto Github PK

31-days-of-api-security-tips

This challenge is Inon Shkedy's 31 days API Security Tips.

a-red-teamer-diaries

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

activedirectory

PowerShell Scripts, Functions, and Modules for managing Active Directory

activedirectory-1

powershell for Active Directory

api-pentesting

API Pentesting notes.

api-security-checklist

Checklist of the most important security countermeasures when designing, testing, and releasing your API

atomic-red-team

Small and highly portable detection tests.

awesome-hacking

A collection of various awesome lists for hackers, pentesters and security researchers

awesome-python

A curated list of awesome Python frameworks, libraries, software and resources

bashbunny-payloads

Payloads for the Hak5 Bash Bunny

betterdefaultpasslist

bluekeep

Proof of concept for CVE-2019-0708

bluekeep_cve-2019-0708_poc_to_exploit

Porting BlueKeep PoC from @Ekultek to actual exploits

bug-bounty-reference

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

bypass-web-application-firewalls

Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary Characters These scripts were created during an assessment, while trying to bypass a Web Application Firewall (WAF) in order to exploit a XSS vulnerability. Differnt webservers and browsers interpret URL and strange characters differently which could lead to the bypassing of security controls. When I tried to send a > or < character the WAF would block the request. The following URL escapes I have noticed are traslated to < > ' by Apache2 based web servers: %(N%(n%)S%)U%)^%)s%)u%*C%*E%*c%*e%,.%.#%1N%1n%2S%2U%2^%2s%2u%3C%3E%3c%3e%5.%7#%:C%:E %:c%:e%HN%Hn%IS%IU%I^%Is%Iu%JC%JE%Jc%Je%L.%N#%XN%Xn%YS%YU%Y^%Ys%Yu%ZC%ZE%Zc%Ze%.%^# %hN%hn%iS%iU%i^%is%iu%jC%jE%jc%je%l.%n#%xN%xn%yS%yU%y^%ys%yu%zC%zE%zc%ze%|

cehv10

Leaked slides and labs

cheatsheets

Penetration Testing/Security Cheatsheets

cheatsheets-1

Helped during my OSCP lab days.

cloudflare-scrape

A simple Python module to bypass Cloudflare's anti-bot page.

cms-exploit-framework

CMS Exploit Framework

crawljax

Crawljax: Crawling JavaScript-based Ajax Web Applications

ctf-notes

Everything needed for doing CTFs

cve-2017-12617

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution

cve-2019-0708

Only Hitting PoC [Tested on Windows Server 2008 r2]

cve-2019-0709

Scanner PoC for CVE-2019-0708 RDP RCE vuln

cve-2019-19781

CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit

dr.-watson

Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's your very own discovery side kick, the Dr. Watson to your Sherlock!

drup

Default Routers,Modems and IP Cams Credentials

everything-oscp

Custom checklists, cheatsheets, links, and scripts