Skip to content


Here are 1,497 public repositories matching this topic...

commjoen commented Jan 11, 2019

Add 8.7 and 8.8 for android and ios: show how you can delay the attacker or report tampering to the backend as a response to a tamper detected
8.7: The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the amount, diversity of the originality of the mechanisms used.
8.8: The detection mechanisms trigger responses of different types, includ

jhertz commented Apr 17, 2020

Hi All,

So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:

hydra "http-post://\:^USER^:H=password\:^PASS^" -l admin -p admin

I see the following r

bee-san commented Oct 18, 2020

RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.

Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:

  1. [!]
  2. [~]
  3. [>]
  4. | {}

If any of these characters appear in any of the tests, fail the CI. E

ThunderSon commented Sep 12, 2020

What's the issue?
Overwritten test scenario, can be summarized and link to payload lists from other repos

How do we solve it?
Chop down the content to the required and needed information, link to payload lists instead of enumerating all possible usernames and passwords, provide further guidance on how to test.

If no one is up to handle it, I can take care of it

Improve this page

Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."

Learn more