Stars
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
A curated list of web3Security materials and resources For Pentesters and Bug Hunters.
Find all libraries on cdn.js that pollute your prototype
Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM and embedded RISC-V architectures.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Analyse PNG file format for CTF, python API and CLI
rsatool can be used to calculate RSA and RSA-CRT parameters
HTTPLeaks - All possible ways, a website can leak HTTP requests
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32…
Do you want to use x64dbg instead of immunity debugger? oscp eCPPTv2 buffer overflow exploits pocs
Create tar/zip archives that try to exploit zipslip vulnerability.
A static analysis API for finding deserialization attack gadgets
Some payloads of JNDI Injection in JDK 1.8.0_191+
Python sandbox escape wiki + payload generator
proof-of-concept for generating Java deserialization payload | Proxy MemShell
A collection of curated resources and CVEs I use for research.