wewe
APIKit: Discovery, Scan and Audit APIs Toolkit All In One.
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
(CVE-2020-14882) Oracle Weblogic Unauthorized bypass RCE test script
A cheat sheet that contains advanced queries for SQL Injection of all types.
API Security Project aims to present unique attack & defense methods in the API security field
Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
The most powerful CRLF injection (HTTP Response Splitting) scanner.
A list of threat sinks used in the manual security source code review for application security
Checklist of the most important security countermeasures when designing, testing, and releasing your API
An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Grafana Unauthorized arbitrary file reading vulnerability
Apache Spark Shell Command Injection Vulnerability
A repository that includes all the important wordlists used while bug hunting.
A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
A comprehensive list of custom filters for Logger++ to identify various vulnerabilities in different API styles
XSS payloads for bypassing WAF. This repository is updating continuously.
🔥 Web-application firewalls (WAFs) from security standpoint.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
🎯 SQL Injection Payload List
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
grep rough audit - source code auditing tool
cve-2021-42013.py is a Python script that helps find Path Traversal or Remote Code Execution vulnerabilities in Apache 2.4.50
LazyWeb is a demonstration web application designed to showcase common server-side application vulnerabilities. Each vulnerability is categorized with its respective difficulty rating to provide a …
A curated list of bug bounty writeups (by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference