Search results

HackerOne reports • Keep links to a very large and useful repository (https://github.com/reddelexc/hackerone-reports) that includes top HackerOne reports. The repo is constantly kept up to date, which will help you learn a lot of new and useful things (variants of exploiting various...

To search for leaked credentials using Google Chrome's Developer Tools and regex, follow these short steps: Open DevTools: In Chrome, navigate to the site you're inspecting, then open Developer Tools with Ctrl+Shift+I (Windows/Linux) or Cmd+Option+I (macOS). Go to Network Tab: Click on the...

💻 Welcome to Simplified Cybersecurity! 🛡️ Hey, I'm Very Lazy Tech, your laid-back guide to mastering ethical hacking and red teaming without the hassle. Let's explore cybersecurity the smart, simple way. 👨‍💻 About MeI'm passionate about helping aspiring ethical hackers and red teamers sharpen...

Any problem sir?

SpoofProof is a Burp Suite extension designed to help security professionals verify email domain spoofing vulnerabilities and validate DNS-based email security configurations like DMARC, SPF, and DKIM. With SpoofProof, users can efficiently assess if a domain is secure against email spoofing...

Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers. The Adaptix server is written in Golang and to allow operator flexibility. The GUI Client is written in C++ QT, allowing it to be used on Linux, Windows, and MacOS operating systems...

SQLMap Command Generator is a web-based application designed to assist penetration testers and security enthusiasts in generating SQLMap commands with various options for testing SQL injection vulnerabilities. It provides an easy-to-use interface where users can configure various parameters...

Subtrace is Wireshark for your Docker containers. It lets developers see all incoming and outgoing requests in their backend server so that they can resolve production issues faster. Features Works out-of-the-box No code changes needed Supports all languages (Python + Node + Go + everything...

Sometimes, simple methods work best when hunting for SQL injection (SQLI) vulnerabilities. Here’s an optimized approach: 1. Extract Potential Targets Use Wayback Machine URLs to find historical URLs with parameters: waybackurls --dates target.com | grep '?id=' This helps identify pages that...

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerate all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddler and crt...

urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. How? A group named URLTeam (kudos to them) are brute forcing the URL shortener services and publishing matched results on a daily basis...

This is an SQL injection cheatsheet with tried and true payloads / techniques that cover the 5 most popular database variants and their derivatives (MySQL, PostgreSQL, MSSQL/SQL Server, Oracle, SQLite). Key Some payloads contain placeholders which need to be replaced with specific values before...

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking). GooFuzz is a script written in Bash Scripting that uses...

JDBG is a powerful Java debugger and reverse engineering tool that operates at runtime. It is attachable and is not limited by agent restrictions. JDBG leverages an injected DLL along with JNI and JVMTI to provide deep insight into Java applications. Features Class Analysis Analyse decompiled...

|-- Fundamentals | |-- Introduction to Cybersecurity | | |-- Importance and Principles of Cybersecurity | | |-- Types of Cybersecurity (Network, Information, Application, Cloud, etc.) | | |-- Cybersecurity Threat Landscape (Malware, Phishing, Ransomware, etc.) | |-- Network...

List of C2 projects leveraging legitimate APIs like Telegram, Twitter, Gmail, Slack, Discord, Google Sheets/Drive, Github, YouTube, Pastebin, Reddit, Zoom, Notion, Dropbox, Instagram and even Virustotal APIs are used by C2’s. Monitor API calls to these services, as any API service can be...

DorkTerm is a terminal-themed web-based security tool designed to assist security researchers in performing Google Dork queries efficiently. The tool generates multiple Google Dork search queries for a given domain and opens them in new browser tabs to help identify potential vulnerabilities. 🛠...

My personal collection of resources (mostly tools and training materials) for source code security audits. Updated gradually as I discover interesting material on the subject. Training Materials Learning Resources Learning Platforms Vulnerable Apps Tools Static Application Security Testing...

Passkey Raider is a Burp Suite extension designed to facilitate comprehensive testing of Passkey systems. It offers three core functionalities: Decode and encode Passkey data in HTTP requests. Automatically replace the public key in Passkey registration flows with a generated public key...

1️⃣ Recon > docker run -v $(pwd):/src projectdiscovery/subfinder:latest -dL /src/domains -silent -o /src/subdomains > docker run -v $(pwd):/src projectdiscovery/dnsx:latest -l /src/subdomains -t 500 -retry 5 -silent -o /src/dnsx > docker run -v $(pwd):/src projectdiscovery/naabu:latest -l...