Web-Pentesting-Resources - will be updated continuously
nuclei templates
- Recon
- JS files
- Hidden files (Google, Bing, Yahoo, etc.)
- SQLi all types
- XSS all types (encoding)
- SSRF all types
- CSRF all types
- Command Injection
- LFI, RFI all types
- IDOR all types
- Race condition
- XXE Injection
- SSTI injection
- Request Smuggling
- Open Redirect
- file upload
- deserialization
- JWT
- all types of bypasses (403, 401, 2fa, login, captcha)
- CRLF
- Buffer Overflow
- LDAP injection
- Other vulnerabilities (log4j, etc.)
- Other misconfiguration
- Postmessage
Practice: PentesterLab, TryHackMe, PortSwigger, Nuclei Templates
- Nuclei templates for all vulnerabilities
- Burp Suite match and replace for all vulnerabilities https://github.com/attacker-codeninja/Burp-Match-Replace-
- Burp Suite tricks https://github.com/attacker-codeninja/Weaponize-Your-Burp
- Shodan https://github.com/attacker-codeninja/My-Shodan-Scripts
- Use gf-pattern https://github.com/attacker-codeninja/gf-patterns
- Also a useful pattern for nuclei https://github.com/attacker-codeninja/DataExtractor
- urls -> kxss/Gxss -> test manually
- urls -> sqli-nuclei-template
- urls -> SSRF-nuclei-template
- urls -> SSTI-nuclei-template
- Logic Error
- https://github.com/attacker-codeninja/1a3y
- https://github.com/attacker-codeninja/APTRS
- https://github.com/attacker-codeninja/hackGPT
- https://github.com/attacker-codeninja/bugbounty-cicd
- https://github.com/attacker-codeninja/rauton
- https://github.com/attacker-codeninja/reconmap
- https://github.com/attacker-codeninja/BugBountyAutomation/blob/main/startRecon.sh
- https://github.com/attacker-codeninja/automation-bugBounty
- https://github.com/attacker-codeninja/Bounty-Dashboard

- https://github.com/attacker-codeninja/SQLiDetector
- https://github.com/attacker-codeninja/EndPoint-Finder
- https://github.com/attacker-codeninja/ipsourcebypass
- https://github.com/attacker-codeninja/forbidden
- https://github.com/attacker-codeninja/bhedak
- https://github.com/attacker-codeninja/HostPanic
- https://github.com/attacker-codeninja/403bypasser
- https://github.com/attacker-codeninja/tokenScanner
- https://github.com/attacker-codeninja/xray
- https://github.com/attacker-codeninja/hussh
- https://github.com/attacker-codeninja/fuzzilli
- https://github.com/attacker-codeninja/awesome-bbht
- https://github.com/attacker-codeninja/SecretFinder
- https://github.com/attacker-codeninja/Struts2-Scan

- https://github.com/attacker-codeninja/directory-files-payload-lists
- https://github.com/attacker-codeninja/Bug-Bounty-3
- https://github.com/attacker-codeninja/RegexPassive/tree/main/Secrets
- https://github.com/attacker-codeninja/Bug-Bounty-Wordlists-1

- https://github.com/attacker-codeninja/My-Nuclei-Templates-1/blob/main/sqli.yaml
- https://github.com/attacker-codeninja/My-Nuclei-Templates
- https://github.com/attacker-codeninja/the-nuclei-templates
- https://github.com/attacker-codeninja/Custom-Nuclei-Templates

- https://github.com/attacker-codeninja/BBProfiles
- https://github.com/attacker-codeninja/x8-Burp
- https://github.com/attacker-codeninja/Burp-Bounty-free-Profiles-Collection
- https://github.com/attacker-codeninja/burp-aem-scanner
- https://github.com/attacker-codeninja/awesome-burp-extensions
- https://github.com/attacker-codeninja/burpFakeIP
- https://github.com/attacker-codeninja/burp-copy-as-ffuf

- https://github.com/attacker-codeninja/bughuntingprocess
- https://github.com/attacker-codeninja/Bug-Hunting-2
- https://github.com/attacker-codeninja/Web-Application-Pentest-Checklist-1

- https://github.com/attacker-codeninja/Awesome-RCE-techniques
- https://github.com/attacker-codeninja/log4j
- https://github.com/attacker-codeninja/HackerOneReports
- https://github.com/attacker-codeninja/bugBountyTemplates
- https://github.com/attacker-codeninja/Web-CTF-Cheatsheet-1#bypass-127001
- https://github.com/attacker-codeninja/jwt-hack

- https://github.com/attacker-codeninja/google-acquisitions

- https://github.com/attacker-codeninja/CVE-2021-44228-PoC-log4j-bypass-words
- https://github.com/attacker-codeninja/log4j-detect

- https://github.com/attacker-codeninja/linux-sysadmin-interview-questions#general
- https://github.com/attacker-codeninja/OSWE-Prep
- https://github.com/attacker-codeninja/learn-evm-attacks

- https://github.com/attacker-codeninja/oneliner-bugbounty
- https://github.com/attacker-codeninja/AutomationGuide