hackerone-reports | reconftw
---|---
2 | 3
3,195 | 5,242
- | -
6.3 | 9.2
13 days ago | 11 days ago
Python | Shell
- | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hackerone-reports
- GitHub - reddelexc/hackerone-reports: Top disclosed reports from HackerOne
- XXE (XML External Entity) Attack & Prevention
  There was an interesting case on HackerOne where the XMP metadata of a JPG file was getting parsed unsafely. There are many other interesting XXE bugs there as well if you want to take a look.
reconftw
- Automated recognition frameworks?
- I made a CLI that streamlines Ethical Hacking workflow
  Check out ReconFTW
- Tools for subdomain brute forcing
  reconFTW = https://github.com/six2dez/reconftw
What are some alternatives?
hackthebox - Notes Taken for HTB Machines & InfoSec Community.
LazyRecon - An automated approach to performing recon for bug bounty hunting and penetration testing.
Exif-Maniac - Post Exploitation Framework via Exif Data in images
Sn1per - Attack Surface Management Platform
SpringShell - Spring4Shell - Spring Core RCE - CVE-2022-22965
Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed - This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
CVE-2021-40444 - CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
jira-mobile-ssrf-exploit - Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
ReconPi - ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.