{{ message }}
Automatic SQL injection and database takeover tool
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
API, CLI & Web App for analyzing & finding a person's profile across social media \ websites (Detections are updated regularly)
App Attest allows your app to attach a hardware-backed assertion as a part of the request. Your server can use assertion to verify the request came from your genuine app, on a genuine Apple device.
https://developer.apple.com/videos/play/wwdc2021/10244/
https://developer.apple.com/documentation/devicecheck/assessing_fraud_risk
https://developer.apple.com/documentation/bundleresources/entit
Web path scanner
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
SpiderFoot automates OSINT so you can focus on analysis.
A collection of open source and commercial tools that aid in red team operations.
I testing bruteforce my opencart store.
this is body request:
-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="username"
^USER^
-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="password"
^PASS^
-----------------------------34237939373614592773956005873
Content-Disposition: form-dat
A swiss army knife for pentesting networks
Can we have a feature where a normal brute force is running based on HTTP response like 403/401 do a recursive brute force on that endpoint?
Directory/File, DNS and VHost busting tool written in Go
Several users originally missing security question answers - most notably bjoern.k
RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.
Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:
[!][~][>]| {}If any of these characters appear in any of the tests, fail the CI. E
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
This is a multi-use bash script for Linux systems to audit wireless networks.
Web Pentesting Fuzz 字典,一个就够了。
Merge /Testing_for_Vertical_Bypassing_Authorization_Schema_WSTG-AUTHZ-00X.md into 4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Next generation web scanner
Collaborative Penetration Test and Vulnerability Management Platform
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
The LAZY script will make your life easier, and of course faster.
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Wiki to collect Red Team infrastructure hardening resources
Automated All-in-One OS Command Injection Exploitation Tool.
Is there a way to skip the nmap scan and go straight to the attacking routes? In case i already know the target list is full of open rtsp port IPs.
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."
Hello spoooopyyy hackers🎃
This is a Hacktoberfest only issue!👻
This is also data-sciency!
The Problem
Our English dictionary contains words that aren't English, and does not contain common English words.
Examples of non-common words in the dictionary: