Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
Web Path Finder
This course uses a deliberately vulnerable banking application to demonstrate common security vulnerabilities, their impact, and how to fix them. The application is built with Flask (backend) and Reac...
Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern
Whitepass Bypass Whitelist/Ratelimit Implementations in Web Applications/APIs
CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing,...
Web application pentesting recon
The CyberTalents repository is a collection of solutions and write-ups for challenges sourced from the CyberTalents platform. Organized topic, this repository serves as a resource for cybersecurity e...
This repository discusses the subdomain takeover vulnerability and lists of services which are vulnerable to it. It also provides information, methodology and resources to perform subdomain takeover a...
Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests
Hidden Fuzzer is a URL fuzzing tool designed to uncover hidden paths and resources on web applications. It features multithreading, customizable HTTP headers, and request parameters for optimized perf...
The simplest way to integrate your subdomain enum outputs with Burp Pro (Fast Crawler)
A Simple Tool to gather information from any website, domain, sub-domain, DNS, links by enumeration with simple commands.
Sitemaps and Robots.txt for websites around the world.
a simple vulnerable web applications, gain access then capture the flag.
Sucks all embedded URLs from a given URI or file. Ideal to parse URLs from CSS or JavaScript (such as API calls, webservices, ;)
This extension allows you to detect implementations of postMessage function, addEventListener("message",function) event handler and onMessage function.