[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-10794":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":33,"readmeContent":34,"aiSummary":35,"trendingCount":16,"starSnapshotCount":16,"syncStatus":17,"lastSyncTime":36,"discoverSource":37},10794,"awesome-web-security","qazbnm456\u002Fawesome-web-security","qazbnm456","🐶 A curated list of Web Security materials and resources.","https:\u002F\u002Fawesomelists.top\u002F#\u002Frepos\u002Fqazbnm456\u002Fawesome-web-security",null,"Python",13468,1793,351,1,0,2,27,108,11,44.76,false,"master",true,[26,27,28,29,30,31,32],"awesome","awesome-list","list","penetration-testing","security","web","websecurity","2026-06-12 02:02:26","# Awesome Web Security [![Awesome](https:\u002F\u002Fcdn.rawgit.com\u002Fsindresorhus\u002Fawesome\u002Fd7305f38d29fed78fa85652e3a63e154dd8e8829\u002Fmedia\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fsindresorhus\u002Fawesome)\n\n[\u003Cimg src=\"https:\u002F\u002Fupload.wikimedia.org\u002Fwikipedia\u002Fcommons\u002F6\u002F61\u002FHTML5_logo_and_wordmark.svg\" align=\"right\" width=\"70\">](https:\u002F\u002Fwww.w3.org\u002FTR\u002Fhtml5\u002F)\n\n> 🐶 Curated list of Web Security materials and resources.\n\nNeedless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. 
To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article \"[So you want to be a web security researcher?](https:\u002F\u002Fportswigger.net\u002Fblog\u002Fso-you-want-to-be-a-web-security-researcher)\" first.\n\n*Please read the [contribution guidelines](CONTRIBUTING.md) before contributing.*\n\n---\n\n\u003Cp align=\"center\">\u003Cb>🌈 Want to strengthen your penetration skills?\u003C\u002Fb>\u003Cbr>I would recommend playing some \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fapsdehal\u002Fawesome-ctf\" target=\"_blank\">awesome-ctf\u003C\u002Fa>s.\u003C\u002Fp>\n\n---\n\nIf you enjoy this awesome list and would like to support it, check out my [Patreon](https:\u002F\u002Fwww.patreon.com\u002Fboik) page :)\u003Cbr>Also, don't forget to check out my [repos](https:\u002F\u002Fgithub.com\u002Fqazbnm456) 🐾 or say *hi* on my [Twitter](https:\u002F\u002Ftwitter.com\u002Fqazbnm456)!\n\n## Contents\n\n- [Digests](#digests)\n- [Forums](#forums)\n- [Introduction](#intro)\n  - [XSS](#xss---cross-site-scripting)\n  - [Prototype Pollution](#prototype-pollution)\n  - [CSV Injection](#csv-injection)\n  - [SQL Injection](#sql-injection)\n  - [Command Injection](#command-injection)\n  - [ORM Injection](#orm-injection)\n  - [FTP Injection](#ftp-injection)\n  - [XXE](#xxe---xml-external-entity)\n  - [CSRF](#csrf---cross-site-request-forgery)\n  - [Clickjacking](#clickjacking)\n  - [SSRF](#ssrf---server-side-request-forgery)\n  - [Web Cache Poisoning](#web-cache-poisoning)\n  - [Relative Path Overwrite](#relative-path-overwrite)\n  - [Open Redirect](#open-redirect)\n  - [SAML](#saml)\n  - [Upload](#upload)\n  - [Rails](#rails)\n  - [AngularJS](#angularjs)\n  - [ReactJS](#reactjs)\n  - [SSL\u002FTLS](#ssltls)\n  - [Webmail](#webmail)\n  - [NFS](#nfs)\n  - [AWS](#aws)\n  - [Azure](#azure)\n  - [Fingerprint](#fingerprint)\n  - [Sub Domain 
Enumeration](#sub-domain-enumeration)\n  - [Crypto](#crypto)\n  - [Web Shell](#web-shell)\n  - [OSINT](#osint)\n  - [DNS Rebinding](#dns-rebinding)\n  - [Deserialization](#deserialization)\n  - [OAuth](#oauth)\n  - [JWT](#jwt)\n- [Evasions](#evasions)\n  - [XXE](#evasions-xxe)\n  - [CSP](#evasions-csp)\n  - [WAF](#evasions-waf)\n  - [JSMVC](#evasions-jsmvc)\n  - [Authentication](#evasions-authentication)\n- [Tricks](#tricks)\n  - [CSRF](#tricks-csrf)\n  - [Clickjacking](#tricks-clickjacking)\n  - [Remote Code Execution](#tricks-rce)\n  - [XSS](#tricks-xss)\n  - [SQL Injection](#tricks-sql-injection)\n  - [NoSQL Injection](#tricks-nosql-injection)\n  - [FTP Injection](#tricks-ftp-injection)\n  - [XXE](#tricks-xxe)\n  - [SSRF](#tricks-ssrf)\n  - [Web Cache Poisoning](#tricks-web-cache-poisoning)\n  - [Header Injection](#tricks-header-injection)\n  - [URL](#tricks-url)\n  - [Deserialization](#tricks-deserialization)\n  - [OAuth](#tricks-oauth)\n  - [Others](#tricks-others)\n- [Browser Exploitation](#browser-exploitation)\n- [PoCs](#pocs)\n  - [Database](#pocs-database)\n- [Cheetsheets](#cheetsheets)\n- [Tools](#tools)\n  - [Auditing](#tools-auditing)\n  - [Command Injection](#tools-command-injection)\n  - [Reconnaissance](#tools-reconnaissance)\n    - [OSINT](#tools-osint)\n    - [Sub Domain Enumeration](#tools-sub-domain-enumeration)\n  - [Code Generating](#tools-code-generating)\n  - [Fuzzing](#tools-fuzzing)\n  - [Scanning](#tools-scanning)\n  - [Penetration Testing](#tools-penetration-testing)\n  - [Leaking](#tools-leaking)\n  - [Offensive](#tools-offensive)\n    - [XSS](#tools-xss)\n    - [SQL Injection](#tools-sql-injection)\n    - [Template Injection](#tools-template-injection)\n    - [XXE](#tools-xxe)\n    - [CSRF](#tools-csrf)\n    - [SSRF](#tools-ssrf)\n  - [Detecting](#tools-detecting)\n  - [Preventing](#tools-preventing)\n  - [Proxy](#tools-proxy)\n  - [Webshell](#tools-webshell)\n  - [Disassembler](#tools-disassembler)\n  - 
[Decompiler](#tools-decompiler)\n  - [DNS Rebinding](#tools-dns-rebinding)\n  - [Others](#tools-others)\n- [Social Engineering Database](#social-engineering-database)\n- [Blogs](#blogs)\n- [Twitter Users](#twitter-users)\n- [Practices](#practices)\n  - [Application](#practices-application)\n  - [AWS](#practices-aws)\n  - [XSS](#practices-xss)\n  - [ModSecurity \u002F OWASP ModSecurity Core Rule Set](#practices-modsecurity)\n- [Community](#community)\n- [Miscellaneous](#miscellaneous)\n\n## Digests\n\n- [Hacker101](https:\u002F\u002Fwww.hacker101.com\u002F) - Written by [hackerone](https:\u002F\u002Fwww.hackerone.com\u002Fstart-hacking).\n- [The Daily Swig - Web security digest](https:\u002F\u002Fportswigger.net\u002Fdaily-swig) - Written by [PortSwigger](https:\u002F\u002Fportswigger.net\u002F).\n- [Web Application Security Zone by Netsparker](https:\u002F\u002Fwww.netsparker.com\u002Fblog\u002Fweb-security\u002F) - Written by [Netsparker](https:\u002F\u002Fwww.netsparker.com\u002F).\n- [Infosec Newbie](https:\u002F\u002Fwww.sneakymonkey.net\u002F2017\u002F04\u002F23\u002Finfosec-newbie\u002F) - Written by [Mark Robinson](https:\u002F\u002Fwww.sneakymonkey.net\u002F).\n- [The Magic of Learning](https:\u002F\u002Fbitvijays.github.io\u002F) - Written by [@bitvijays](https:\u002F\u002Fbitvijays.github.io\u002Faboutme.html).\n- [CTF Field Guide](https:\u002F\u002Ftrailofbits.github.io\u002Fctf\u002F) - Written by [Trail of Bits](https:\u002F\u002Fwww.trailofbits.com\u002F).\n- [PayloadsAllTheThings](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002F) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n- [tl;dr sec](https:\u002F\u002Ftldrsec.com\u002F) - Weekly summary of top security tools, blog posts, and security research.\n\n## Forums\n\n- [Phrack Magazine](http:\u002F\u002Fwww.phrack.org\u002F) - Ezine written by and for hackers.\n- [The Hacker News](https:\u002F\u002Fthehackernews.com\u002F) - Security in a 
serious way.\n- [Security Weekly](https:\u002F\u002Fsecurityweekly.com\u002F) - The security podcast network.\n- [The Register](http:\u002F\u002Fwww.theregister.co.uk\u002F) - Biting the hand that feeds IT.\n- [Dark Reading](https:\u002F\u002Fwww.darkreading.com\u002FDefault.asp) - Connecting The Information Security Community.\n- [HackDig](http:\u002F\u002Fen.hackdig.com\u002F) - Dig high-quality web security articles for hacker.\n\n\u003Ca name=\"intro\">\u003C\u002Fa>\n## Introduction\n\n\u003Ca name=\"xss\">\u003C\u002Fa>\n### XSS - Cross-Site Scripting\n\n- [Cross-Site Scripting – Application Security – Google](https:\u002F\u002Fwww.google.com\u002Fintl\u002Fsw\u002Fabout\u002Fappsecurity\u002Flearning\u002Fxss\u002F) - Written by [Google](https:\u002F\u002Fwww.google.com\u002F).\n- [H5SC](https:\u002F\u002Fgithub.com\u002Fcure53\u002FH5SC) - Written by [@cure53](https:\u002F\u002Fgithub.com\u002Fcure53).\n- [AwesomeXSS](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FAwesomeXSS) - Written by [@s0md3v](https:\u002F\u002Fgithub.com\u002Fs0md3v).\n- [XSS.png](https:\u002F\u002Fgithub.com\u002FLucaBongiorni\u002FXSS.png) - Written by @jackmasa.\n- [C.XSS Guide](https:\u002F\u002Fexcess-xss.com\u002F) - Written by [@JakobKallin](https:\u002F\u002Fgithub.com\u002FJakobKallin) and [Irene Lobo Valbuena](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Firenelobovalbuena\u002F).\n- [THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS](http:\u002F\u002Fwww.paulosyibelo.com\u002F2018\u002F06\u002Fthe-big-bad-wolf-xss-and-maintaining.html) - Written by [Paulos Yibelo](http:\u002F\u002Fwww.paulosyibelo.com\u002F).\n- [payloadbox\u002Fxss-payload-list](https:\u002F\u002Fgithub.com\u002Fpayloadbox\u002Fxss-payload-list) - Written by [@payloadbox](https:\u002F\u002Fgithub.com\u002Fpayloadbox).\n- [PayloadsAllTheThings - XSS Injection](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FXSS%20Injection) - Written by 
[@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"prototype-pollution\">\u003C\u002Fa>\n### Prototype Pollution\n\n- [Prototype pollution attack in NodeJS application](https:\u002F\u002Fgithub.com\u002FHoLyVieR\u002Fprototype-pollution-nsec18\u002Fblob\u002Fmaster\u002Fpaper\u002FJavaScript_prototype_pollution_attack_in_NodeJS.pdf) - Written by [@HoLyVieR](https:\u002F\u002Fgithub.com\u002FHoLyVieR).\n- [Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609)](https:\u002F\u002Fresearch.securitum.com\u002Fprototype-pollution-rce-kibana-cve-2019-7609\u002F) - Written by [@securitymb](https:\u002F\u002Ftwitter.com\u002Fsecuritymb).\n- [Real-world JS - 1](https:\u002F\u002Fblog.p6.is\u002FReal-World-JS-1\u002F) - Written by [@po6ix](https:\u002F\u002Ftwitter.com\u002Fpo6ix).\n\n\u003Ca name=\"csv-injection\">\u003C\u002Fa>\n### CSV Injection\n\n- [CSV Injection -> Meterpreter on Pornhub](https:\u002F\u002Fnews.webamooz.com\u002Fwp-content\u002Fuploads\u002Fbot\u002Foffsecmag\u002F147.pdf) - Written by [Andy](https:\u002F\u002Fblog.zsec.uk\u002F).\n- [The Absurdly Underestimated Dangers of CSV Injection](http:\u002F\u002Fgeorgemauer.net\u002F2017\u002F10\u002F07\u002Fcsv-injection.html) - Written by [George Mauer](http:\u002F\u002Fgeorgemauer.net\u002F).\n- [PayloadsAllTheThings - CSV Injection](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FCSV%20Injection) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"sql-injection\">\u003C\u002Fa>\n### SQL Injection\n\n- [SQL Injection Cheat Sheet](https:\u002F\u002Fwww.netsparker.com\u002Fblog\u002Fweb-security\u002Fsql-injection-cheat-sheet\u002F) - Written by [@netsparker](https:\u002F\u002Ftwitter.com\u002Fnetsparker).\n- [SQL Injection Wiki](https:\u002F\u002Fsqlwiki.netspi.com\u002F) - Written by [NETSPI](https:\u002F\u002Fwww.netspi.com\u002F).\n- [SQL Injection Pocket 
Reference](https:\u002F\u002Fwebsec.ca\u002Fkb\u002Fsql_injection) - Written by [@LightOS](https:\u002F\u002Ftwitter.com\u002FLightOS).\n- [payloadbox\u002Fsql-injection-payload-list](https:\u002F\u002Fgithub.com\u002Fpayloadbox\u002Fsql-injection-payload-list) - Written by [@payloadbox](https:\u002F\u002Fgithub.com\u002Fpayloadbox).\n- [PayloadsAllTheThings - SQL Injection](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FSQL%20Injection) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"command-injection\">\u003C\u002Fa>\n### Command Injection\n\n- [Potential command injection in resolv.rb](https:\u002F\u002Fgithub.com\u002Fruby\u002Fruby\u002Fpull\u002F1777) - Written by [@drigg3r](https:\u002F\u002Fgithub.com\u002Fdrigg3r).\n- [payloadbox\u002Fcommand-injection-payload-list](https:\u002F\u002Fgithub.com\u002Fpayloadbox\u002Fcommand-injection-payload-list) - Written by [@payloadbox](https:\u002F\u002Fgithub.com\u002Fpayloadbox).\n- [PayloadsAllTheThings - Command Injection](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FCommand%20Injection) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"orm-injection\">\u003C\u002Fa>\n### ORM Injection\n\n- [HQL for pentesters](http:\u002F\u002Fblog.h3xstream.com\u002F2014\u002F02\u002Fhql-for-pentesters.html) - Written by [@h3xstream](https:\u002F\u002Ftwitter.com\u002Fh3xstream\u002F).\n- [HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?)](https:\u002F\u002Fwww.synacktiv.com\u002Fressources\u002Fhql2sql_sstic_2015_en.pdf) - Written by [@_m0bius](https:\u002F\u002Ftwitter.com\u002F_m0bius).\n- [ORM2Pwn: Exploiting injections in Hibernate ORM](https:\u002F\u002Fwww.slideshare.net\u002F0ang3el\u002Form2pwn-exploiting-injections-in-hibernate-orm) - Written by [Mikhail 
Egorov](https:\u002F\u002F0ang3el.blogspot.tw\u002F).\n- [ORM Injection](https:\u002F\u002Fwww.slideshare.net\u002Fsimone.onofri\u002Form-injection) - Written by [Simone Onofri](https:\u002F\u002Fonofri.org\u002F).\n\n\u003Ca name=\"ftp-injection\">\u003C\u002Fa>\n### FTP Injection\n\n- [Advisory: Java\u002FPython FTP Injections Allow for Firewall Bypass](http:\u002F\u002Fblog.blindspotsecurity.com\u002F2017\u002F02\u002Fadvisory-javapython-ftp-injections.html) - Written by [Timothy Morgan](https:\u002F\u002Fplus.google.com\u002F105917618099766831589).\n- [SMTP over XXE − how to send emails using Java's XML parser](https:\u002F\u002Fshiftordie.de\u002Fblog\u002F2017\u002F02\u002F18\u002Fsmtp-over-xxe\u002F) - Written by [Alexander Klink](https:\u002F\u002Fshiftordie.de\u002F).\n\n\u003Ca name=\"xxe\">\u003C\u002Fa>\n### XXE - XML eXternal Entity\n\n- [XXE](https:\u002F\u002Fphonexicum.github.io\u002Finfosec\u002Fxxe.html) - Written by [@phonexicum](https:\u002F\u002Ftwitter.com\u002Fphonexicum).\n- [XML external entity (XXE) injection](https:\u002F\u002Fportswigger.net\u002Fweb-security\u002Fxxe) - Written by [portswigger](https:\u002F\u002Fportswigger.net\u002F).\n- [XML Schema, DTD, and Entity Attacks](https:\u002F\u002Fwww.vsecurity.com\u002Fdownload\u002Fpublications\u002FXMLDTDEntityAttacks.pdf) - Written by [Timothy D. 
Morgan](https:\u002F\u002Ftwitter.com\u002Fecbftw) and Omar Al Ibrahim.\n- [payloadbox\u002Fxxe-injection-payload-list](https:\u002F\u002Fgithub.com\u002Fpayloadbox\u002Fxxe-injection-payload-list) - Written by [@payloadbox](https:\u002F\u002Fgithub.com\u002Fpayloadbox).\n- [PayloadsAllTheThings - XXE Injection](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FXXE%20Injection) - Written by various contributors.\n\n\u003Ca name=\"csrf\">\u003C\u002Fa>\n### CSRF - Cross-Site Request Forgery\n\n- [Wiping Out CSRF](https:\u002F\u002Fmedium.com\u002F@jrozner\u002Fwiping-out-csrf-ded97ae7e83f) - Written by [@jrozner](https:\u002F\u002Fmedium.com\u002F@jrozner).\n- [PayloadsAllTheThings - CSRF Injection](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FCSRF%20Injection) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"clickjacking\">\u003C\u002Fa>\n### Clickjacking\n\n- [Clickjacking](https:\u002F\u002Fwww.imperva.com\u002Flearn\u002Fapplication-security\u002Fclickjacking\u002F) - Written by [Imperva](https:\u002F\u002Fwww.imperva.com\u002F).\n- [X-Frame-Options: All about Clickjacking?](https:\u002F\u002Fgithub.com\u002Fcure53\u002FPublications\u002Fblob\u002Fmaster\u002Fxfo-clickjacking.pdf?raw=true) - Written by [Mario Heiderich](http:\u002F\u002Fwww.slideshare.net\u002Fx00mario).\n\n\u003Ca name=\"ssrf\">\u003C\u002Fa>\n### SSRF - Server-Side Request Forgery\n\n- [SSRF bible. 
Cheatsheet](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM\u002Fedit) - Written by [Wallarm](https:\u002F\u002Fwallarm.com\u002F).\n- [PayloadsAllTheThings - Server-Side Request Forgery](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FServer%20Side%20Request%20Forgery) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"web-cache-poisoning\">\u003C\u002Fa>\n### Web Cache Poisoning\n\n- [Practical Web Cache Poisoning](https:\u002F\u002Fportswigger.net\u002Fblog\u002Fpractical-web-cache-poisoning) - Written by [@albinowax](https:\u002F\u002Ftwitter.com\u002Falbinowax).\n- [PayloadsAllTheThings - Web Cache Deception](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FWeb%20Cache%20Deception) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"relative-path-overwrite\">\u003C\u002Fa>\n### Relative Path Overwrite\n\n- [Large-scale analysis of style injection by relative path overwrite](https:\u002F\u002Fblog.acolyer.org\u002F2018\u002F05\u002F28\u002Flarge-scale-analysis-of-style-injection-by-relative-path-overwrite\u002F) - Written by [The Morning Paper](https:\u002F\u002Fblog.acolyer.org\u002F).\n- [MBSD Technical Whitepaper - A few RPO exploitation techniques](https:\u002F\u002Fwww.mbsd.jp\u002FWhitepaper\u002Frpo.pdf) - Written by [Mitsui Bussan Secure Directions, Inc.](https:\u002F\u002Fwww.mbsd.jp\u002F).\n\n\u003Ca name=\"open-redirect\">\u003C\u002Fa>\n### Open Redirect\n\n- [Open Redirect Vulnerability](https:\u002F\u002Fs0cket7.com\u002Fopen-redirect-vulnerability\u002F) - Written by [s0cket7](https:\u002F\u002Fs0cket7.com\u002F).\n- [payloadbox\u002Fopen-redirect-payload-list](https:\u002F\u002Fgithub.com\u002Fpayloadbox\u002Fopen-redirect-payload-list) - Written by 
[@payloadbox](https:\u002F\u002Fgithub.com\u002Fpayloadbox).\n- [PayloadsAllTheThings - Open Redirect](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FOpen%20Redirect) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"saml\">\u003C\u002Fa>\n### Security Assertion Markup Language (SAML)\n\n- [How to Hunt Bugs in SAML; a Methodology - Part I](https:\u002F\u002Fepi052.gitlab.io\u002Fnotes-to-self\u002Fblog\u002F2019-03-07-how-to-test-saml-a-methodology\u002F) - Written by [epi](https:\u002F\u002Fepi052.gitlab.io\u002Fnotes-to-self\u002F).\n- [How to Hunt Bugs in SAML; a Methodology - Part II](https:\u002F\u002Fepi052.gitlab.io\u002Fnotes-to-self\u002Fblog\u002F2019-03-13-how-to-test-saml-a-methodology-part-two\u002F) - Written by [epi](https:\u002F\u002Fepi052.gitlab.io\u002Fnotes-to-self\u002F).\n- [How to Hunt Bugs in SAML; a Methodology - Part III](https:\u002F\u002Fepi052.gitlab.io\u002Fnotes-to-self\u002Fblog\u002F2019-03-16-how-to-test-saml-a-methodology-part-three\u002F) - Written by [epi](https:\u002F\u002Fepi052.gitlab.io\u002Fnotes-to-self\u002F).\n- [PayloadsAllTheThings - SAML Injection](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FSAML%20Injection) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"upload\">\u003C\u002Fa>\n### Upload\n\n- [File Upload Restrictions Bypass](https:\u002F\u002Fwww.exploit-db.com\u002Fdocs\u002Fenglish\u002F45074-file-upload-restrictions-bypass.pdf) - Written by [Haboob Team](https:\u002F\u002Fwww.exploit-db.com\u002Fauthor\u002F?a=9381).\n- [PayloadsAllTheThings - Upload Insecure Files](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FPayloadsAllTheThings\u002Ftree\u002Fmaster\u002FUpload%20Insecure%20Files) - Written by [@swisskyrepo](https:\u002F\u002Fgithub.com\u002Fswisskyrepo).\n\n\u003Ca name=\"rails\">\u003C\u002Fa>\n### 
Rails\n\n- [Rails Security - First part](https:\u002F\u002Fhackmd.io\u002Fs\u002FSkuTVw5O-) - Written by [@qazbnm456](https:\u002F\u002Fgithub.com\u002Fqazbnm456).\n- [Zen Rails Security Checklist](https:\u002F\u002Fgithub.com\u002Fbrunofacca\u002Fzen-rails-security-checklist) - Written by [@brunofacca](https:\u002F\u002Fgithub.com\u002Fbrunofacca).\n- [Rails SQL Injection](https:\u002F\u002Frails-sqli.org) - Written by [@presidentbeef](https:\u002F\u002Fgithub.com\u002Fpresidentbeef).\n- [Official Rails Security Guide](http:\u002F\u002Fguides.rubyonrails.org\u002Fsecurity.html) - Written by [Rails team](https:\u002F\u002Frubyonrails.org\u002F).\n\n\u003Ca name=\"angularjs\">\u003C\u002Fa>\n### AngularJS\n\n- [XSS without HTML: Client-Side Template Injection with AngularJS](http:\u002F\u002Fblog.portswigger.net\u002F2016\u002F01\u002Fxss-without-html-client-side-template.html) - Written by [Gareth Heyes](https:\u002F\u002Fwww.blogger.com\u002Fprofile\u002F10856178524811553475).\n- [DOM based Angular sandbox escapes](http:\u002F\u002Fblog.portswigger.net\u002F2017\u002F05\u002Fdom-based-angularjs-sandbox-escapes.html) - Written by [@garethheyes](https:\u002F\u002Ftwitter.com\u002Fgarethheyes).\n\n\u003Ca name=\"reactjs\">\u003C\u002Fa>\n### ReactJS\n\n- [XSS via a spoofed React element](http:\u002F\u002Fdanlec.com\u002Fblog\u002Fxss-via-a-spoofed-react-element) - Written by [Daniel LeCheminant](http:\u002F\u002Fdanlec.com\u002F).\n\n\u003Ca name=\"ssl-tls\">\u003C\u002Fa>\n### SSL\u002FTLS\n\n- [SSL & TLS Penetration Testing](https:\u002F\u002Fwww.aptive.co.uk\u002Fblog\u002Ftls-ssl-security-testing\u002F) - Written by [APTIVE](https:\u002F\u002Fwww.aptive.co.uk\u002F).\n- [Practical introduction to SSL\u002FTLS](https:\u002F\u002Fgithub.com\u002FHakky54\u002Fmutual-tls-ssl) - Written by [@Hakky54](https:\u002F\u002Fgithub.com\u002FHakky54).\n\n\u003Ca name=\"webmail\">\u003C\u002Fa>\n### Webmail\n\n- [Why mail() is dangerous in 
PHP](https:\u002F\u002Fblog.ripstech.com\u002F2017\u002Fwhy-mail-is-dangerous-in-php\u002F) - Written by [Robin Peraglie](https:\u002F\u002Fwww.ripstech.com\u002F).\n\n\u003Ca name=\"nfs\">\u003C\u002Fa>\n### NFS\n\n- [NFS | PENETRATION TESTING ACADEMY](https:\u002F\u002Fpentestacademy.wordpress.com\u002F2017\u002F09\u002F20\u002Fnfs\u002F?t=1&cn=ZmxleGlibGVfcmVjc18y&refsrc=email&iid=b34422ce15164e99a193fea0ccc7a02f&uid=1959680352&nid=244+289476616) - Written by [PENETRATION ACADEMY](https:\u002F\u002Fpentestacademy.wordpress.com\u002F).\n\n\u003Ca name=\"aws\">\u003C\u002Fa>\n### AWS\n\n- [PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET](https:\u002F\u002Frhinosecuritylabs.com\u002Fpenetration-testing\u002Fpenetration-testing-aws-storage\u002F) - Written by Dwight Hohnstein from [Rhino Security Labs](https:\u002F\u002Frhinosecuritylabs.com\u002F).\n- [AWS PENETRATION TESTING PART 1. S3 BUCKETS](https:\u002F\u002Fwww.virtuesecurity.com\u002Faws-penetration-testing-part-1-s3-buckets\u002F) - Written by [VirtueSecurity](https:\u002F\u002Fwww.virtuesecurity.com\u002F).\n- [AWS PENETRATION TESTING PART 2. 
S3, IAM, EC2](https:\u002F\u002Fwww.virtuesecurity.com\u002Faws-penetration-testing-part-2-s3-iam-ec2\u002F) - Written by [VirtueSecurity](https:\u002F\u002Fwww.virtuesecurity.com\u002F).\n- [Misadventures in AWS](https:\u002F\u002Flabs.f-secure.com\u002Fblog\u002Fmisadventures-in-aws) - Written by Christian Demko.\n\n\u003Ca name=\"azure\">\u003C\u002Fa>\n### Azure\n\n- [Common Azure Security Vulnerabilities and Misconfigurations](https:\u002F\u002Frhinosecuritylabs.com\u002Fcloud-security\u002Fcommon-azure-security-vulnerabilities\u002F) - Written by [@rhinobenjamin](https:\u002F\u002Ftwitter.com\u002Frhinobenjamin).\n- [Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability](https:\u002F\u002Frhinosecuritylabs.com\u002Fazure\u002Fcloud-security-risks-part-1-azure-csv-injection-vulnerability\u002F) - Written by [@spengietz](https:\u002F\u002Ftwitter.com\u002Fspengietz).\n\n\u003Ca name=\"fingerprint\">\u003C\u002Fa>\n### Fingerprint\n\n\u003Ca name=\"sub-domain-enumeration\">\u003C\u002Fa>\n### Sub Domain Enumeration\n\n- [A penetration tester’s guide to sub-domain enumeration](https:\u002F\u002Fblog.appsecco.com\u002Fa-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6) - Written by [Bharath](https:\u002F\u002Fblog.appsecco.com\u002F@yamakira_).\n- [The Art of Subdomain Enumeration](https:\u002F\u002Fblog.sweepatic.com\u002Fart-of-subdomain-enumeration\u002F) - Written by [Patrik Hudak](https:\u002F\u002Fblog.sweepatic.com\u002Fauthor\u002Fpatrik\u002F).\n\n\u003Ca name=\"crypto\">\u003C\u002Fa>\n### Crypto\n\n- [Applied Crypto Hardening](https:\u002F\u002Fbettercrypto.org\u002F) - Written by [The bettercrypto.org Team](https:\u002F\u002Fbettercrypto.org\u002F).\n- [What is a Side-Channel Attack ?](https:\u002F\u002Fwww.csoonline.com\u002Farticle\u002F3388647\u002Fwhat-is-a-side-channel-attack-how-these-end-runs-around-encryption-put-everyone-at-risk.html) - Written by [J.M 
Porup](https:\u002F\u002Fwww.csoonline.com\u002Fauthor\u002FJ.M.-Porup\u002F).\n\n\u003Ca name=\"web-shell\">\u003C\u002Fa>\n### Web Shell\n\n- [Hunting for Web Shells](https:\u002F\u002Fwww.tenable.com\u002Fblog\u002Fhunting-for-web-shells) - Written by [Jacob Baines](https:\u002F\u002Fwww.tenable.com\u002Fprofile\u002Fjacob-baines).\n- [Hacking with JSP Shells](https:\u002F\u002Fblog.netspi.com\u002Fhacking-with-jsp-shells\u002F) - Written by [@_nullbind](https:\u002F\u002Ftwitter.com\u002F_nullbind).\n\n\u003Ca name=\"osint\">\u003C\u002Fa>\n### OSINT\n\n- [Hacking Cryptocurrency Miners with OSINT Techniques](https:\u002F\u002Fmedium.com\u002F@s3yfullah\u002Fhacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157) - Written by [@s3yfullah](https:\u002F\u002Fmedium.com\u002F@s3yfullah).\n- [OSINT x UCCU Workshop on Open Source Intelligence](https:\u002F\u002Fwww.slideshare.net\u002Fmiaoski\u002Fosint-x-uccu-workshop-on-open-source-intelligence) - Written by [Philippe Lin](https:\u002F\u002Fwww.slideshare.net\u002Fmiaoski).\n- [102 Deep Dive in the Dark Web OSINT Style Kirby Plessas](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=fzd3zkAI_o4) - Presented by [@kirbstr](https:\u002F\u002Ftwitter.com\u002Fkirbstr).\n- [The most complete guide to finding anyone’s email](https:\u002F\u002Fwww.blurbiz.io\u002Fblog\u002Fthe-most-complete-guide-to-finding-anyones-email) - Written by [Timur Daudpota](https:\u002F\u002Fwww.blurbiz.io\u002F).\n\n\u003Ca name=\"dns-rebinding\">\u003C\u002Fa>\n### DNS Rebinding\n\n- [Attacking Private Networks from the Internet with DNS Rebinding](https:\u002F\u002Fmedium.com\u002F@brannondorsey\u002Fattacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by [@brannondorsey](https:\u002F\u002Fmedium.com\u002F@brannondorsey).\n- [Hacking home routers from the Internet](https:\u002F\u002Fmedium.com\u002F@radekk\u002Fhackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by 
[@radekk](https:\u002F\u002Fmedium.com\u002F@radekk).\n\n\u003Ca name=\"deserialization\">\u003C\u002Fa>\n### Deserialization\n\n- [What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.](https:\u002F\u002Ffoxglovesecurity.com\u002F2015\u002F11\u002F06\u002Fwhat-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability\u002F) - Written by [@breenmachine](https:\u002F\u002Ftwitter.com\u002Fbreenmachine).\n- [Attacking .NET deserialization](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=eDfGpu3iE4Q) - Written by [@pwntester](https:\u002F\u002Ftwitter.com\u002Fpwntester).\n- [.NET Roulette: Exploiting Insecure Deserialization in Telerik UI](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=--6PiuvBGAU) - Written by [@noperator](https:\u002F\u002Ftwitter.com\u002Fnoperator).\n- [How to exploit the DotNetNuke Cookie Deserialization](https:\u002F\u002Fpentest-tools.com\u002Fblog\u002Fexploit-dotnetnuke-cookie-deserialization\u002F) - Written by [CRISTIAN CORNEA](https:\u002F\u002Fpentest-tools.com\u002Fblog\u002Fauthor\u002Fpentest-cristian\u002F).\n- [HOW TO EXPLOIT LIFERAY CVE-2020-7961 : QUICK JOURNEY TO POC](https:\u002F\u002Fwww.synacktiv.com\u002Fen\u002Fpublications\u002Fhow-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html) - Written by [@synacktiv](https:\u002F\u002Ftwitter.com\u002Fsynacktiv).\n\n\u003Ca name=\"oauth\">\u003C\u002Fa>\n### OAuth\n\n- [Introduction to OAuth 2.0 and OpenID Connect](https:\u002F\u002Fpragmaticwebsecurity.com\u002Fcourses\u002Fintroduction-oauth-oidc.html) - Written by [@PhilippeDeRyck](https:\u002F\u002Ftwitter.com\u002FPhilippeDeRyck).\n- [What is going on with OAuth 2.0? 
And why you should not use it for authentication.](https:\u002F\u002Fmedium.com\u002Fsecuring\u002Fwhat-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611) - Written by [@damianrusinek](https:\u002F\u002Fmedium.com\u002F@damianrusinek).\n\n\u003Ca name=\"jwt\">\u003C\u002Fa>\n### JWT\n\n- [Hardcoded secrets, unverified tokens, and other common JWT mistakes](https:\u002F\u002Fr2c.dev\u002Fblog\u002F2020\u002Fhardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes\u002F) - Written by [@ermil0v](https:\u002F\u002Ftwitter.com\u002Fermil0v).\n\n## Evasions\n\n\u003Ca name=\"evasions-xxe\">\u003C\u002Fa>\n### XXE\n\n- [Bypass Fix of OOB XXE Using Different encoding](https:\u002F\u002Ftwitter.com\u002FSpiderSec\u002Fstatus\u002F1191375472690528256) - Written by [@SpiderSec](https:\u002F\u002Ftwitter.com\u002FSpiderSec).\n\n\u003Ca name=\"evasions-csp\">\u003C\u002Fa>\n### CSP\n\n- [Any protection against dynamic module import?](https:\u002F\u002Fgithub.com\u002Fw3c\u002Fwebappsec-csp\u002Fissues\u002F243) - Written by [@shhnjk](https:\u002F\u002Ftwitter.com\u002F@shhnjk).\n- [CSP: bypassing form-action with reflected XSS](https:\u002F\u002Flabs.detectify.com\u002F2016\u002F04\u002F04\u002Fcsp-bypassing-form-action-with-reflected-xss\u002F) - Written by [Detectify Labs](https:\u002F\u002Flabs.detectify.com\u002F).\n- [TWITTER XSS + CSP BYPASS](http:\u002F\u002Fwww.paulosyibelo.com\u002F2017\u002F05\u002Ftwitter-xss-csp-bypass.html) - Written by [Paulos Yibelo](http:\u002F\u002Fwww.paulosyibelo.com\u002F).\n- [Neatly bypassing CSP](https:\u002F\u002Flab.wallarm.com\u002Fhow-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa) - Written by [Wallarm](https:\u002F\u002Fwallarm.com\u002F).\n- [Evading CSP with DOM-based dangling markup](https:\u002F\u002Fportswigger.net\u002Fblog\u002Fevading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https:\u002F\u002Fportswigger.net\u002F).\n- [GitHub's CSP 
journey](https:\u002F\u002Fgithubengineering.com\u002Fgithubs-csp-journey\u002F) - Written by [@ptoomey3](https:\u002F\u002Fgithub.com\u002Fptoomey3).\n- [GitHub's post-CSP journey](https:\u002F\u002Fgithubengineering.com\u002Fgithubs-post-csp-journey\u002F) - Written by [@ptoomey3](https:\u002F\u002Fgithub.com\u002Fptoomey3).\n\n\u003Ca name=\"evasions-waf\">\u003C\u002Fa>\n### WAF\n\n- [Web Application Firewall (WAF) Evasion Techniques](https:\u002F\u002Fmedium.com\u002Fsecjuice\u002Fwaf-evasion-techniques-718026d693d8) - Written by [@secjuice](https:\u002F\u002Ftwitter.com\u002Fsecjuice).\n- [Web Application Firewall (WAF) Evasion Techniques #2](https:\u002F\u002Fmedium.com\u002Fsecjuice\u002Fweb-application-firewall-waf-evasion-techniques-2-125995f3e7b0) - Written by [@secjuice](https:\u002F\u002Ftwitter.com\u002Fsecjuice).\n- [Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities](https:\u002F\u002Fbuer.haus\u002F2017\u002F03\u002F08\u002Fairbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities\u002F) - Written by [@Brett Buerhaus](https:\u002F\u002Ftwitter.com\u002Fbbuerhaus).\n- [How to bypass libinjection in many WAF\u002FNGWAF](https:\u002F\u002Fmedium.com\u002F@d0znpp\u002Fhow-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f) - Written by [@d0znpp](https:\u002F\u002Fmedium.com\u002F@d0znpp).\n\n\u003Ca name=\"evasions-jsmvc\">\u003C\u002Fa>\n### JSMVC\n\n- [JavaScript MVC and Templating Frameworks](http:\u002F\u002Fwww.slideshare.net\u002Fx00mario\u002Fjsmvcomfg-to-sternly-look-at-javascript-mvc-and-templating-frameworks) - Written by [Mario Heiderich](http:\u002F\u002Fwww.slideshare.net\u002Fx00mario).\n\n\u003Ca name=\"evasions-authentication\">\u003C\u002Fa>\n### Authentication\n\n- [Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass 
(CVE-2016-8584)](http:\u002F\u002Fblog.malerisch.net\u002F2017\u002F04\u002Ftrend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html) - Written by [@malerisch](https:\u002F\u002Ftwitter.com\u002Fmalerisch) and [@steventseeley](https:\u002F\u002Ftwitter.com\u002Fsteventseeley).\n\n## Tricks\n\n\u003Ca name=\"tricks-csrf\">\u003C\u002Fa>\n### CSRF\n\n- [Neat tricks to bypass CSRF-protection](https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F32716181) - Written by [Twosecurity](https:\u002F\u002Ftwosecurity.io\u002F).\n- [Exploiting CSRF on JSON endpoints with Flash and redirects](https:\u002F\u002Fblog.appsecco.com\u002Fexploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b) - Written by [@riyazwalikar](https:\u002F\u002Fblog.appsecco.com\u002F@riyazwalikar).\n- [Stealing CSRF tokens with CSS injection (without iFrames)](https:\u002F\u002Fgithub.com\u002Fdxa4481\u002FcssInjection) - Written by [@dxa4481](https:\u002F\u002Fgithub.com\u002Fdxa4481).\n- [Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters](https:\u002F\u002Fblog.securityevaluators.com\u002Fcracking-javas-rng-for-csrf-ea9cacd231d2) - Written by [@rramgattie](https:\u002F\u002Fblog.securityevaluators.com\u002F@rramgattie).\n- [If HttpOnly You Could Still CSRF… Of CORS you can!](https:\u002F\u002Fmedium.com\u002F@_graphx\u002Fif-httponly-you-could-still-csrf-of-cors-you-can-5d7ee2c7443) - Written by [@GraphX](https:\u002F\u002Ftwitter.com\u002FGraphX).\n\n\u003Ca name=\"tricks-clickjacking\">\u003C\u002Fa>\n### Clickjacking\n\n- [Clickjackings in Google worth 14981.7$](https:\u002F\u002Fmedium.com\u002F@raushanraj_65039\u002Fgoogle-clickjacking-6a04132b918a) - Written by [@raushanraj_65039](https:\u002F\u002Fmedium.com\u002F@raushanraj_65039).\n\n\u003Ca name=\"tricks-rce\">\u003C\u002Fa>\n### Remote Code Execution\n\n- [CVE-2019-1306: ARE YOU MY 
INDEX?](https:\u002F\u002Fwww.thezdi.com\u002Fblog\u002F2019\u002F10\u002F23\u002Fcve-2019-1306-are-you-my-index) - Written by [@yu5k3](https:\u002F\u002Ftwitter.com\u002Fyu5k3).\n- [WebLogic RCE (CVE-2019-2725) Debug Diary](https:\u002F\u002Fpaper.seebug.org\u002F910\u002F) - Written by Badcode@Knownsec 404 Team.\n- [What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.](https:\u002F\u002Ffoxglovesecurity.com\u002F2015\u002F11\u002F06\u002Fwhat-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability\u002F) - Written by [@breenmachine](https:\u002F\u002Ftwitter.com\u002F@breenmachine).\n- [Exploiting Node.js deserialization bug for Remote Code Execution](https:\u002F\u002Fopsecx.com\u002Findex.php\u002F2017\u002F02\u002F08\u002Fexploiting-node-js-deserialization-bug-for-remote-code-execution\u002F) - Written by [OpSecX](https:\u002F\u002Fopsecx.com\u002Findex.php\u002Fauthor\u002Fajinabraham\u002F).\n- [DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE](https:\u002F\u002Fwww.ambionics.io\u002Fblog\u002Fdrupal-services-module-rce) - Written by [Ambionics Security](https:\u002F\u002Fwww.ambionics.io\u002F).\n- [How we exploited a remote code execution vulnerability in math.js](https:\u002F\u002Fcapacitorset.github.io\u002Fmathjs\u002F) - Written by [@capacitorset](https:\u002F\u002Fgithub.com\u002Fcapacitorset).\n- [GitHub Enterprise Remote Code Execution](http:\u002F\u002Fexablue.de\u002Fblog\u002F2017-03-15-github-enterprise-remote-code-execution.html) - Written by [@iblue](https:\u002F\u002Fgithub.com\u002Fiblue).\n- [Evil Teacher: Code Injection in Moodle](https:\u002F\u002Fblog.ripstech.com\u002F2018\u002Fmoodle-remote-code-execution\u002F) - Written by [RIPS Technologies](https:\u002F\u002Fwww.ripstech.com\u002F).\n- [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to 
RCE!](http:\u002F\u002Fblog.orange.tw\u002F2017\u002F07\u002Fhow-i-chained-4-vulnerabilities-on.html) - Written by [Orange](http:\u002F\u002Fblog.orange.tw\u002F).\n- [$36k Google App Engine RCE](https:\u002F\u002Fsites.google.com\u002Fsite\u002Ftestsitehacking\u002F-36k-google-app-engine-rce) - Written by [Ezequiel Pereira](https:\u002F\u002Fsites.google.com\u002Fsite\u002Ftestsitehacking\u002F).\n- [Poor RichFaces](https:\u002F\u002Fcodewhitesec.blogspot.com\u002F2018\u002F05\u002Fpoor-richfaces.html) - Written by [CODE WHITE](https:\u002F\u002Fwww.code-white.com\u002F).\n- [Remote Code Execution on a Facebook server](https:\u002F\u002Fblog.scrt.ch\u002F2018\u002F08\u002F24\u002Fremote-code-execution-on-a-facebook-server\u002F) - Written by [@blaklis_](https:\u002F\u002Ftwitter.com\u002Fblaklis_).\n\n\u003Ca name=\"tricks-xss\">\u003C\u002Fa>\n### XSS\n\n- [Exploiting XSS with 20 characters limitation](https:\u002F\u002Fjlajara.gitlab.io\u002Fposts\u002F2019\u002F11\u002F30\u002FXSS_20_characters.html) - Written by [Jorge Lajara](https:\u002F\u002Fjlajara.gitlab.io\u002F).\n- [Upgrade self XSS to Exploitable XSS an 3 Ways Technic](https:\u002F\u002Fwww.hahwul.com\u002F2019\u002F11\u002Fupgrade-self-xss-to-exploitable-xss.html) - Written by [HAHWUL](https:\u002F\u002Fwww.hahwul.com\u002F).\n- [XSS without parentheses and semi-colons](https:\u002F\u002Fportswigger.net\u002Fblog\u002Fxss-without-parentheses-and-semi-colons) - Written by [@garethheyes](https:\u002F\u002Ftwitter.com\u002Fgarethheyes).\n- [XSS-Auditor — the protector of unprotected and the deceiver of protected.](https:\u002F\u002Fmedium.com\u002Fbugbountywriteup\u002Fxss-auditor-the-protector-of-unprotected-f900a5e15b7b) - Written by [@terjanq](https:\u002F\u002Fmedium.com\u002F@terjanq).\n- [Query parameter reordering causes redirect page to render unsafe URL](https:\u002F\u002Fhackerone.com\u002Freports\u002F293689) - Written by [kenziy](https:\u002F\u002Fhackerone.com\u002Fkenziy).\n- [ECMAScript 6 
from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else](http:\u002F\u002Fwww.slideshare.net\u002Fx00mario\u002Fes6-en) - Written by [Mario Heiderich](http:\u002F\u002Fwww.slideshare.net\u002Fx00mario).\n- [How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)](https:\u002F\u002Fmedium.com\u002F@marin_m\u002Fhow-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.u50nrzhas) - Written by [@marin_m](https:\u002F\u002Fmedium.com\u002F@marin_m).\n- [DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS](https:\u002F\u002Fwww.blackhat.com\u002Fdocs\u002Fus-17\u002Fthursday\u002Fus-17-Lekies-Dont-Trust-The-DOM-Bypassing-XSS-Mitigations-Via-Script-Gadgets.pdf) - Written by [Sebastian Lekies](https:\u002F\u002Ftwitter.com\u002Fslekies), [Krzysztof Kotowicz](https:\u002F\u002Ftwitter.com\u002Fkkotowicz), and [Eduardo Vela](https:\u002F\u002Ftwitter.com\u002Fsirdarckcat).\n- [Uber XSS via Cookie](http:\u002F\u002Fzhchbin.github.io\u002F2017\u002F08\u002F30\u002FUber-XSS-via-Cookie\u002F) - Written by [zhchbin](http:\u002F\u002Fzhchbin.github.io\u002F).\n- [DOM XSS – auth.uber.com](http:\u002F\u002Fstamone-bug-bounty.blogspot.tw\u002F2017\u002F10\u002Fdom-xss-auth14.html) - Written by [StamOne_](http:\u002F\u002Fstamone-bug-bounty.blogspot.tw\u002F).\n- [Stored XSS on Facebook](https:\u002F\u002Fopnsec.com\u002F2018\u002F03\u002Fstored-xss-on-facebook\u002F) - Written by [Enguerran Gillier](https:\u002F\u002Fopnsec.com\u002F).\n- [XSS in Google Colaboratory + CSP bypass](https:\u002F\u002Fblog.bentkowski.info\u002F2018\u002F06\u002Fxss-in-google-colaboratory-csp-bypass.html) - Written by [Michał Bentkowski](https:\u002F\u002Fblog.bentkowski.info\u002F).\n- [Another XSS in Google Colaboratory](https:\u002F\u002Fblog.bentkowski.info\u002F2018\u002F09\u002Fanother-xss-in-google-colaboratory.html) - Written by [Michał Bentkowski](https:\u002F\u002Fblog.bentkowski.info\u002F).\n- [\u003C\u002Fscript> is 
filtered ?](https:\u002F\u002Ftwitter.com\u002Fstrukt93\u002Fstatus\u002F931586377665331200) - Written by [@strukt93](https:\u002F\u002Ftwitter.com\u002Fstrukt93).\n- [$20000 Facebook DOM XSS](https:\u002F\u002Fvinothkumar.me\u002F20000-facebook-dom-xss\u002F) - Written by [@vinodsparrow](https:\u002F\u002Ftwitter.com\u002Fvinodsparrow).\n\n\u003Ca name=\"tricks-sql-injection\">\u003C\u002Fa>\n### SQL Injection\n\n- [MySQL Error Based SQL Injection Using EXP](https:\u002F\u002Fwww.exploit-db.com\u002Fdocs\u002Fenglish\u002F37953-mysql-error-based-sql-injection-using-exp.pdf) - Written by [@osandamalith](https:\u002F\u002Ftwitter.com\u002Fosandamalith).\n- [SQL injection in an UPDATE query - a bug bounty story!](http:\u002F\u002Fzombiehelp54.blogspot.jp\u002F2017\u002F02\u002Fsql-injection-in-update-query-bug.html) - Written by [Zombiehelp54](http:\u002F\u002Fzombiehelp54.blogspot.jp\u002F).\n- [GitHub Enterprise SQL Injection](http:\u002F\u002Fblog.orange.tw\u002F2017\u002F01\u002Fbug-bounty-github-enterprise-sql-injection.html) - Written by [Orange](http:\u002F\u002Fblog.orange.tw\u002F).\n- [Making a Blind SQL Injection a little less blind](https:\u002F\u002Fmedium.com\u002F@tomnomnom\u002Fmaking-a-blind-sql-injection-a-little-less-blind-428dcb614ba8) - Written by [TomNomNom](https:\u002F\u002Ftwitter.com\u002FTomNomNom).\n- [Red Team Tales 0x01: From MSSQL to RCE](https:\u002F\u002Fwww.tarlogic.com\u002Fen\u002Fblog\u002Fred-team-tales-0x01\u002F) - Written by [Tarlogic](https:\u002F\u002Fwww.tarlogic.com\u002Fen\u002Fcybersecurity-blog\u002F).\n- [SQL INJECTION AND POSTGRES - AN ADVENTURE TO EVENTUAL RCE](https:\u002F\u002Fpulsesecurity.co.nz\u002Farticles\u002Fpostgres-sqli) - Written by [@denandz](https:\u002F\u002Fgithub.com\u002Fdenandz).\n\n\u003Ca name=\"tricks-nosql-injection\">\u003C\u002Fa>\n### NoSQL Injection\n\n- [GraphQL NoSQL Injection Through JSON 
Types](http:\u002F\u002Fwww.petecorey.com\u002Fblog\u002F2017\u002F06\u002F12\u002Fgraphql-nosql-injection-through-json-types\u002F) - Written by [Pete](http:\u002F\u002Fwww.petecorey.com\u002Fwork\u002F).\n\n\u003Ca name=\"tricks-ftp-injection\">\u003C\u002Fa>\n### FTP Injection\n\n- [XML Out-Of-Band Data Retrieval](https:\u002F\u002Fmedia.blackhat.com\u002Feu-13\u002Fbriefings\u002FOsipov\u002Fbh-eu-13-XML-data-osipov-slides.pdf) - Written by [@a66at](https:\u002F\u002Ftwitter.com\u002Fa66at) and Alexey Osipov.\n- [XXE OOB exploitation at Java 1.7+](http:\u002F\u002Flab.onsec.ru\u002F2014\u002F06\u002Fxxe-oob-exploitation-at-java-17.html) - Written by [Ivan Novikov](http:\u002F\u002Flab.onsec.ru\u002F).\n\n\u003Ca name=\"tricks-xxe\">\u003C\u002Fa>\n### XXE\n\n- [Evil XML with two encodings](https:\u002F\u002Fmohemiv.com\u002Fall\u002Fevil-xml\u002F) - Written by [Arseniy Sharoglazov](https:\u002F\u002Fmohemiv.com\u002F).\n- [XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites)](http:\u002F\u002Fseclists.org\u002Ffulldisclosure\u002F2018\u002FJul\u002F3) - Written by [Rose Jackcode](https:\u002F\u002Ftwitter.com\u002Fcodeshtool).\n- [XML Out-Of-Band Data Retrieval](https:\u002F\u002Fmedia.blackhat.com\u002Feu-13\u002Fbriefings\u002FOsipov\u002Fbh-eu-13-XML-data-osipov-slides.pdf) - Written by Timur Yunusov and Alexey Osipov.\n- [XXE OOB exploitation at Java 1.7+ (2014)](http:\u002F\u002Flab.onsec.ru\u002F2014\u002F06\u002Fxxe-oob-exploitation-at-java-17.html): Exfiltration using FTP protocol - Written by [Ivan Novikov](https:\u002F\u002Ftwitter.com\u002Fd0znpp\u002F).\n- [XXE OOB extracting via HTTP+FTP using single opened port](https:\u002F\u002Fskavans.ru\u002Fen\u002F2017\u002F12\u002F02\u002Fxxe-oob-extracting-via-httpftp-using-single-opened-port\u002F) - Written by [skavans](https:\u002F\u002Fskavans.ru\u002F).\n- [What You Didn't Know About XML External Entities 
Attacks](https:\u002F\u002F2013.appsecusa.org\u002F2013\u002Fwp-content\u002Fuploads\u002F2013\u002F12\u002FWhatYouDidntKnowAboutXXEAttacks.pdf) - Written by [Timothy D. Morgan](https:\u002F\u002Ftwitter.com\u002Fecbftw).\n- [Pre-authentication XXE vulnerability in the Services Drupal module](https:\u002F\u002Fwww.synacktiv.com\u002Fressources\u002Fsynacktiv_drupal_xxe_services.pdf) -  Written by [Renaud Dubourguais](https:\u002F\u002Ftwitter.com\u002F_m0bius).\n- [Forcing XXE Reflection through Server Error Messages](https:\u002F\u002Fblog.netspi.com\u002Fforcing-xxe-reflection-server-error-messages\u002F) - Written by [Antti Rantasaari](https:\u002F\u002Fblog.netspi.com\u002Fauthor\u002Fantti-rantasaari\u002F).\n- [Exploiting XXE with local DTD files](https:\u002F\u002Fmohemiv.com\u002Fall\u002Fexploiting-xxe-with-local-dtd-files\u002F) - Written by [Arseniy Sharoglazov](https:\u002F\u002Ftwitter.com\u002F_mohemiv).\n- [Automating local DTD discovery for XXE exploitation](https:\u002F\u002Fwww.gosecure.net\u002Fblog\u002F2019\u002F07\u002F16\u002Fautomating-local-dtd-discovery-for-xxe-exploitation) - Written by [Philippe Arteau](https:\u002F\u002Ftwitter.com\u002Fh3xstream).\n\n\u003Ca name=\"tricks-ssrf\">\u003C\u002Fa>\n### SSRF\n\n- [AWS takeover through SSRF in JavaScript](http:\u002F\u002F10degres.net\u002Faws-takeover-through-ssrf-in-javascript\u002F) - Written by [Gwen](http:\u002F\u002F10degres.net\u002F).\n- [SSRF in Exchange leads to ROOT access in all instances](https:\u002F\u002Fhackerone.com\u002Freports\u002F341876) - Written by [@0xacb](https:\u002F\u002Ftwitter.com\u002F0xacb).\n- [SSRF to ROOT Access](https:\u002F\u002Fhackerone.com\u002Freports\u002F341876) - A $25k bounty for SSRF leading to ROOT Access in all instances by [0xacb](https:\u002F\u002Fhackerone.com\u002F0xacb).\n- [PHP SSRF Techniques](https:\u002F\u002Fmedium.com\u002Fsecjuice\u002Fphp-ssrf-techniques-9d422cb28d51) - Written by 
[@themiddleblue](https:\u002F\u002Fmedium.com\u002F@themiddleblue).\n- [SSRF in https:\u002F\u002Fimgur.com\u002Fvidgif\u002Furl](https:\u002F\u002Fhackerone.com\u002Freports\u002F115748) - Written by [aesteral](https:\u002F\u002Fhackerone.com\u002Faesteral).\n- [All you need to know about SSRF and how may we write tools to do auto-detect](https:\u002F\u002Fwww.auxy.xyz\u002Fweb%20security\u002F2017\u002F07\u002F06\u002Fall-ssrf-knowledge.html) - Written by [@Auxy233](https:\u002F\u002Ftwitter.com\u002FAuxy233).\n- [A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!](https:\u002F\u002Fwww.blackhat.com\u002Fdocs\u002Fus-17\u002Fthursday\u002Fus-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf) - Written by [Orange](http:\u002F\u002Fblog.orange.tw\u002F).\n- [SSRF Tips](http:\u002F\u002Fblog.safebuff.com\u002F2016\u002F07\u002F03\u002FSSRF-Tips\u002F) - Written by [xl7dev](http:\u002F\u002Fblog.safebuff.com\u002F).\n- [Into the Borg – SSRF inside Google production network](https:\u002F\u002Fopnsec.com\u002F2018\u002F07\u002Finto-the-borg-ssrf-inside-google-production-network\u002F) - Written by [opnsec](https:\u002F\u002Fopnsec.com\u002F).\n- [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https:\u002F\u002Fmedium.com\u002Fbugbountywriteup\u002Fpiercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a) - Written by [Alyssa Herrera](https:\u002F\u002Fmedium.com\u002F@alyssa.o.herrera).\n\n\u003Ca name=\"tricks-web-cache-poisoning\">\u003C\u002Fa>\n### Web Cache Poisoning\n\n- [Bypassing Web Cache Poisoning Countermeasures](https:\u002F\u002Fportswigger.net\u002Fblog\u002Fbypassing-web-cache-poisoning-countermeasures) - Written by [@albinowax](https:\u002F\u002Ftwitter.com\u002Falbinowax).\n- [Cache poisoning and other dirty tricks](https:\u002F\u002Flab.wallarm.com\u002Fcache-poisoning-and-other-dirty-tricks-120468f1053f) - Written by 
[Wallarm](https:\u002F\u002Fwallarm.com\u002F).\n\n\u003Ca name=\"tricks-header-injection\">\u003C\u002Fa>\n### Header Injection\n\n- [Java\u002FPython FTP Injections Allow for Firewall Bypass](http:\u002F\u002Fblog.blindspotsecurity.com\u002F2017\u002F02\u002Fadvisory-javapython-ftp-injections.html) - Written by [Timothy Morgan](https:\u002F\u002Fplus.google.com\u002F105917618099766831589).\n\n\u003Ca name=\"tricks-url\">\u003C\u002Fa>\n### URL\n\n- [Some Problems Of URLs](https:\u002F\u002Fnoncombatant.org\u002F2017\u002F11\u002F07\u002Fproblems-of-urls\u002F) - Written by [Chris Palmer](https:\u002F\u002Fnoncombatant.org\u002Fabout\u002F).\n- [Phishing with Unicode Domains](https:\u002F\u002Fwww.xudongz.com\u002Fblog\u002F2017\u002Fidn-phishing\u002F) - Written by [Xudong Zheng](https:\u002F\u002Fwww.xudongz.com\u002F).\n- [Unicode Domains are bad and you should feel bad for supporting them](https:\u002F\u002Fwww.vgrsec.com\u002Fpost20170219.html) - Written by [VRGSEC](https:\u002F\u002Fwww.vgrsec.com\u002F).\n- [[dev.twitter.com] XSS](http:\u002F\u002Fblog.blackfan.ru\u002F2017\u002F09\u002Fdevtwittercom-xss.html) - Written by [Sergey Bobrov](http:\u002F\u002Fblog.blackfan.ru\u002F).\n\n\u003Ca name=\"tricks-deserialization\">\u003C\u002Fa>\n### Deserialization\n\n- [ASP.NET resource files (.RESX) and deserialisation issues](https:\u002F\u002Fwww.nccgroup.trust\u002Fuk\u002Fabout-us\u002Fnewsroom-and-events\u002Fblogs\u002F2018\u002Faugust\u002Faspnet-resource-files-resx-and-deserialisation-issues\u002F) - Written by [@irsdl](https:\u002F\u002Ftwitter.com\u002Firsdl).\n\n\u003Ca name=\"tricks-oauth\">\u003C\u002Fa>\n### OAuth\n\n- [Facebook OAuth Framework Vulnerability](https:\u002F\u002Fwww.amolbaikar.com\u002Ffacebook-oauth-framework-vulnerability\u002F) - Written by [@AmolBaikar](https:\u002F\u002Ftwitter.com\u002FAmolBaikar).\n\n\u003Ca name=\"tricks-others\">\u003C\u002Fa>\n### Others\n\n- [How I hacked Google’s bug tracking system itself for $15,600 in 
bounties](https:\u002F\u002Fmedium.com\u002Ffree-code-camp\u002Fmessing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) - Written by [@alex.birsan](https:\u002F\u002Fmedium.com\u002F@alex.birsan).\n- [Some Tricks From My Secret Group](https:\u002F\u002Fwww.leavesongs.com\u002FSHARE\u002Fsome-tricks-from-my-secret-group.html) - Written by [phithon](https:\u002F\u002Fwww.leavesongs.com\u002F).\n- [Inducing DNS Leaks in Onion Web Services](https:\u002F\u002Fgithub.com\u002Fepidemics-scepticism\u002Fwriting\u002Fblob\u002Fmaster\u002Fonion-dns-leaks.md) - Written by [@epidemics-scepticism](https:\u002F\u002Fgithub.com\u002Fepidemics-scepticism).\n- [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https:\u002F\u002Fs1gnalcha0s.github.io\u002Fdspl\u002F2018\u002F03\u002F07\u002FStored-XSS-and-SSRF-Google.html) - Written by [@signalchaos](https:\u002F\u002Ftwitter.com\u002Fsignalchaos).\n\n## Browser Exploitation\n\n### Frontend (like SOP bypass, URL spoofing, and something like that)\n\n- [The world of Site Isolation and compromised renderer](https:\u002F\u002Fspeakerdeck.com\u002Fshhnjk\u002Fthe-world-of-site-isolation-and-compromised-renderer) - Written by [@shhnjk](https:\u002F\u002Ftwitter.com\u002Fshhnjk).\n- [The Cookie Monster in Your Browsers](https:\u002F\u002Fspeakerdeck.com\u002Ffiledescriptor\u002Fthe-cookie-monster-in-your-browsers) - Written by [@filedescriptor](https:\u002F\u002Ftwitter.com\u002Ffiledescriptor).\n- [Bypassing Mobile Browser Security For Fun And Profit](https:\u002F\u002Fwww.blackhat.com\u002Fdocs\u002Fasia-16\u002Fmaterials\u002Fasia-16-Baloch-Bypassing-Browser-Security-Policies-For-Fun-And-Profit-wp.pdf) - Written by [@rafaybaloch](https:\u002F\u002Ftwitter.com\u002F@rafaybaloch).\n- [The inception bar: a new phishing method](https:\u002F\u002Fjameshfisher.com\u002F2019\u002F04\u002F27\u002Fthe-inception-bar-a-new-phishing-method\u002F) - Written by 
[jameshfisher](https:\u002F\u002Fjameshfisher.com\u002F).\n- [JSON hijacking for the modern web](http:\u002F\u002Fblog.portswigger.net\u002F2016\u002F11\u002Fjson-hijacking-for-modern-web.html) - Written by [portswigger](https:\u002F\u002Fportswigger.net\u002F).\n- [IE11 Information disclosure - local file detection](https:\u002F\u002Fwww.facebook.com\u002FExploitWareLabs\u002Fphotos\u002Fa.361854183878462.84544.338832389513975\u002F1378579648872572\u002F?type=3&theater) - Written by James Lee.\n- [SOP bypass \u002F UXSS – Stealing Credentials Pretty Fast (Edge)](https:\u002F\u002Fwww.brokenbrowser.com\u002Fsop-bypass-uxss-stealing-credentials-pretty-fast\u002F) - Written by [Manuel](https:\u002F\u002Ftwitter.com\u002Fmagicmac2000).\n- [Особенности Safari в client-side атаках](https:\u002F\u002Fbo0om.ru\u002Fsafari-client-side) - Written by [Bo0oM](https:\u002F\u002Fbo0om.ru\u002Fauthor\u002Fadmin).\n- [How do we Stop Spilling the Beans Across Origins?](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1cbL-X0kV_tQ5rL8XJ3lXkV-j0pt_CfTu5ZSzYrncPDc\u002F) - Written by [aaj at google.com](aaj@google.com) and [mkwst at google.com](mkwst@google.com).\n- [Setting arbitrary request headers in Chromium via CRLF injection](https:\u002F\u002Fblog.bentkowski.info\u002F2018\u002F06\u002Fsetting-arbitrary-request-headers-in.html) - Written by [Michał Bentkowski](https:\u002F\u002Fblog.bentkowski.info\u002F).\n- [I’m harvesting credit card numbers and passwords from your site. 
Here’s how.](https:\u002F\u002Fhackernoon.com\u002Fim-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5) - Written by [David Gilbertson](https:\u002F\u002Fhackernoon.com\u002F@david.gilbertson).\n- [Sending arbitrary IPC messages via overriding Function.prototype.apply](https:\u002F\u002Fhackerone.com\u002Freports\u002F188086) - Written by [@kinugawamasato](https:\u002F\u002Ftwitter.com\u002Fkinugawamasato).\n- [Take Advantage of Out-of-Scope Domains in Bug Bounty Programs](https:\u002F\u002Fahussam.me\u002FTake-Advantage-of-Out-of-Scope-Domains-in-Bug-Bounty\u002F) - Written by [@Abdulahhusam](https:\u002F\u002Ftwitter.com\u002FAbdulahhusam).\n\n### Backend (core of Browser implementation, and often refers to C or C++ part)\n\n- [Breaking UC Browser](https:\u002F\u002Fhabr.com\u002Fen\u002Fcompany\u002Fdrweb\u002Fblog\u002F452076\u002F) - Written by [Доктор Веб](https:\u002F\u002Fwww.drweb.ru\u002F).\n- [Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622](http:\u002F\u002Fwww.phrack.org\u002Fpapers\u002Fattacking_javascript_engines.html) - Written by [phrack@saelo.net](phrack@saelo.net).\n- [Three roads lead to Rome](http:\u002F\u002Fblogs.360.cn\u002F360safe\u002F2016\u002F11\u002F29\u002Fthree-roads-lead-to-rome-2\u002F) - Written by [@holynop](https:\u002F\u002Ftwitter.com\u002Fholynop).\n- [Exploiting a V8 OOB write.](https:\u002F\u002Fhalbecaf.com\u002F2017\u002F05\u002F24\u002Fexploiting-a-v8-oob-write\u002F) - Written by [@halbecaf](https:\u002F\u002Ftwitter.com\u002Fhalbecaf).\n- [SSD Advisory – Chrome Turbofan Remote Code Execution](https:\u002F\u002Fblogs.securiteam.com\u002Findex.php\u002Farchives\u002F3379) - Written by [SecuriTeam Secure Disclosure (SSD)](https:\u002F\u002Fblogs.securiteam.com\u002F).\n- [Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 
11](https:\u002F\u002Flabs.bluefrostsecurity.de\u002Ffiles\u002FLook_Mom_I_Dont_Use_Shellcode-WP.pdf) - Written by [@moritzj](http:\u002F\u002Ftwitter.com\u002Fmoritzj).\n- [PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT](https:\u002F\u002Fwww.zerodayinitiative.com\u002Fblog\u002F2018\u002F2\u002F12\u002Fpushing-webkits-buttons-with-a-mobile-pwn2own-exploit) - Written by [@wanderingglitch](https:\u002F\u002Ftwitter.com\u002Fwanderingglitch).\n- [A Methodical Approach to Browser Exploitation](https:\u002F\u002Fblog.ret2.io\u002F2018\u002F06\u002F05\u002Fpwn2own-2018-exploit-development\u002F) - Written by [RET2 SYSTEMS, INC](https:\u002F\u002Fblog.ret2.io\u002F).\n- [CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime.](https:\u002F\u002Fdoar-e.github.io\u002Fblog\u002F2018\u002F07\u002F14\u002Fcve-2017-2446-or-jscjsglobalobjectishavingabadtime\u002F) - Written by [Diary of a reverse-engineer](https:\u002F\u002Fdoar-e.github.io\u002F).\n- [CLEANLY ESCAPING THE CHROME SANDBOX](https:\u002F\u002Ftheori.io\u002Fresearch\u002Fescaping-chrome-sandbox) - Written by [@tjbecker_](https:\u002F\u002Ftwitter.com\u002Ftjbecker_).\n- [A Methodical Approach to Browser Exploitation](https:\u002F\u002Fblog.ret2.io\u002F2018\u002F06\u002F05\u002Fpwn2own-2018-exploit-development\u002F) - Written by [@PatrickBiernat](https:\u002F\u002Ftwitter.com\u002FPatrickBiernat), [@gaasedelen](https:\u002F\u002Ftwitter.com\u002Fgaasedelen) and [@itszn13](https:\u002F\u002Ftwitter.com\u002Fitszn13).\n\n## PoCs\n\n\u003Ca name=\"pocs-database\">\u003C\u002Fa>\n### Database\n\n- [js-vuln-db](https:\u002F\u002Fgithub.com\u002Ftunz\u002Fjs-vuln-db) - Collection of JavaScript engine CVEs with PoCs by [@tunz](https:\u002F\u002Fgithub.com\u002Ftunz).\n- [awesome-cve-poc](https:\u002F\u002Fgithub.com\u002Fqazbnm456\u002Fawesome-cve-poc) - Curated list of CVE PoCs by [@qazbnm456](https:\u002F\u002Fgithub.com\u002Fqazbnm456).\n- 
[Some-PoC-oR-ExP](https:\u002F\u002Fgithub.com\u002Fcoffeehb\u002FSome-PoC-oR-ExP) - Collection or writing of various vulnerability PoCs and exploits by [@coffeehb](https:\u002F\u002Fgithub.com\u002Fcoffeehb).\n- [uxss-db](https:\u002F\u002Fgithub.com\u002FMetnew\u002Fuxss-db) - Collection of UXSS CVEs with PoCs by [@Metnew](https:\u002F\u002Fgithub.com\u002FMetnew).\n- [SPLOITUS](https:\u002F\u002Fsploitus.com\u002F) - Exploits & Tools Search Engine by [@i_bo0om](https:\u002F\u002Ftwitter.com\u002Fi_bo0om).\n- [Exploit Database](https:\u002F\u002Fwww.exploit-db.com\u002F) - ultimate archive of Exploits, Shellcode, and Security Papers by [Offensive Security](https:\u002F\u002Fwww.offensive-security.com\u002F).\n\n## Cheetsheets\n\n- [XSS Cheat Sheet - 2018 Edition](https:\u002F\u002Fleanpub.com\u002Fxss) - Written by [@brutelogic](https:\u002F\u002Ftwitter.com\u002Fbrutelogic).\n- [Capture the Flag CheatSheet](https:\u002F\u002Fgithub.com\u002Fuppusaikiran\u002Fawesome-ctf-cheatsheet) - Written by [@uppusaikiran](https:\u002F\u002Fgithub.com\u002Fuppusaikiran).\n\n## Tools\n\n\u003Ca name=\"tools-auditing\">\u003C\u002Fa>\n### Auditing\n\n- [prowler](https:\u002F\u002Fgithub.com\u002FAlfresco\u002Fprowler) - Tool for AWS security assessment, auditing and hardening by [@Alfresco](https:\u002F\u002Fgithub.com\u002FAlfresco).\n- [slurp](https:\u002F\u002Fgithub.com\u002Fhehnope\u002Fslurp) - Evaluate the security of S3 buckets by [@hehnope](https:\u002F\u002Fgithub.com\u002Fhehnope).\n- [A2SV](https:\u002F\u002Fgithub.com\u002Fhahwul\u002Fa2sv) - Auto Scanning to SSL Vulnerability by [@hahwul](https:\u002F\u002Fgithub.com\u002Fhahwul).\n\n\u003Ca name=\"tools-command-injection\">\u003C\u002Fa>\n### Command Injection\n\n- [commix](https:\u002F\u002Fgithub.com\u002Fcommixproject\u002Fcommix) - Automated All-in-One OS command injection and exploitation tool by [@commixproject](https:\u002F\u002Fgithub.com\u002Fcommixproject).\n\n\u003Ca name=\"tools-reconnaissance\">\u003C\u002Fa>\n### Reconnaissance\n\n\u003Ca 
name=\"tools-osint\">\u003C\u002Fa>\n#### OSINT - Open-Source Intelligence\n\n- [Shodan](https:\u002F\u002Fwww.shodan.io\u002F) - Shodan is the world's first search engine for Internet-connected devices by [@shodanhq](https:\u002F\u002Ftwitter.com\u002Fshodanhq).\n- [Censys](https:\u002F\u002Fcensys.io\u002F) - Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet by [University of Michigan](https:\u002F\u002Fumich.edu\u002F).\n- [urlscan.io](https:\u002F\u002Furlscan.io\u002F) - Service which analyses websites and the resources they request by [@heipei](https:\u002F\u002Ftwitter.com\u002Fheipei).\n- [ZoomEye](https:\u002F\u002Fwww.zoomeye.org\u002F) - Cyberspace Search Engine by [@zoomeye_team](https:\u002F\u002Ftwitter.com\u002Fzoomeye_team).\n- [FOFA](https:\u002F\u002Ffofa.so\u002F?locale=en) - Cyberspace Search Engine by [BAIMAOHUI](http:\u002F\u002Fbaimaohui.net\u002F).\n- [NSFOCUS](https:\u002F\u002Fnti.nsfocus.com\u002F) - THREAT INTELLIGENCE PORTAL by NSFOCUS GLOBAL.\n- [Photon](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FPhoton) - Incredibly fast crawler designed for OSINT by [@s0md3v](https:\u002F\u002Fgithub.com\u002Fs0md3v).\n- [FOCA](https:\u002F\u002Fgithub.com\u002FElevenPaths\u002FFOCA) - FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans by [ElevenPaths](https:\u002F\u002Fwww.elevenpaths.com\u002Findex.html).\n- [SpiderFoot](http:\u002F\u002Fwww.spiderfoot.net\u002F) - Open source footprinting and intelligence-gathering tool by [@binarypool](https:\u002F\u002Ftwitter.com\u002Fbinarypool).\n- [xray](https:\u002F\u002Fgithub.com\u002Fevilsocket\u002Fxray) - XRay is a tool for recon, mapping and OSINT gathering from public networks by [@evilsocket](https:\u002F\u002Fgithub.com\u002Fevilsocket).\n- [gitrob](https:\u002F\u002Fgithub.com\u002Fmichenriksen\u002FGitrob) - 
Reconnaissance tool for GitHub organizations by [@michenriksen](https:\u002F\u002Fgithub.com\u002Fmichenriksen).\n- [GSIL](https:\u002F\u002Fgithub.com\u002FFeeiCN\u002FGSIL) - Github Sensitive Information Leakage by [@FeeiCN](https:\u002F\u002Fgithub.com\u002FFeeiCN).\n- [raven](https:\u002F\u002Fgithub.com\u002F0x09AL\u002Fraven) - raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin by [@0x09AL](https:\u002F\u002Fgithub.com\u002F0x09AL).\n- [ReconDog](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FReconDog) - Reconnaissance Swiss Army Knife by [@s0md3v](https:\u002F\u002Fgithub.com\u002Fs0md3v).\n- [Databases - start.me](https:\u002F\u002Fstart.me\u002Fp\u002FQRENnO\u002Fdatabases) - Various databases which you can use for your OSINT research by [@technisette](https:\u002F\u002Ftwitter.com\u002Ftechnisette).\n- [peoplefindThor](https:\u002F\u002Fpeoplefindthor.dk\u002F) - the easy way to find people on Facebook by [postkassen](mailto:postkassen@oejvind.dk?subject=peoplefindthor.dk comments).\n- [tinfoleak](https:\u002F\u002Fgithub.com\u002Fvaguileradiaz\u002Ftinfoleak) - The most complete open-source tool for Twitter intelligence analysis by [@vaguileradiaz](https:\u002F\u002Fgithub.com\u002Fvaguileradiaz).\n- [Raccoon](https:\u002F\u002Fgithub.com\u002Fevyatarmeged\u002FRaccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning by [@evyatarmeged](https:\u002F\u002Fgithub.com\u002Fevyatarmeged).\n- [Social Mapper](https:\u002F\u002Fgithub.com\u002FSpiderLabs\u002Fsocial_mapper) - Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf) by [@SpiderLabs](https:\u002F\u002Fgithub.com\u002FSpiderLabs).\n- [espi0n\u002FDockerfiles](https:\u002F\u002Fgithub.com\u002Fespi0n\u002FDockerfiles) - Dockerfiles for various OSINT tools by [@espi0n](https:\u002F\u002Fgithub.com\u002Fespi0n).\n\n\u003Ca 
name=\"tools-sub-domain-enumeration\">\u003C\u002Fa>\n#### Sub Domain Enumeration\n\n- [Sublist3r](https:\u002F\u002Fgithub.com\u002Faboul3la\u002FSublist3r) - Sublist3r is a multi-threaded sub-domain enumeration tool for penetration testers by [@aboul3la](https:\u002F\u002Fgithub.com\u002Faboul3la).\n- [EyeWitness](https:\u002F\u002Fgithub.com\u002FChrisTruncer\u002FEyeWitness) - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible by [@ChrisTruncer](https:\u002F\u002Fgithub.com\u002FChrisTruncer).\n- [subDomainsBrute](https:\u002F\u002Fgithub.com\u002Flijiejie\u002FsubDomainsBrute) - A simple and fast sub domain brute tool for pentesters by [@lijiejie](https:\u002F\u002Fgithub.com\u002Flijiejie).\n- [AQUATONE](https:\u002F\u002Fgithub.com\u002Fmichenriksen\u002Faquatone) - Tool for Domain Flyovers by [@michenriksen](https:\u002F\u002Fgithub.com\u002Fmichenriksen).\n- [domain_analyzer](https:\u002F\u002Fgithub.com\u002Feldraco\u002Fdomain_analyzer) - Analyze the security of any domain by finding all the information possible by [@eldraco](https:\u002F\u002Fgithub.com\u002Feldraco).\n- [VirusTotal domain information](https:\u002F\u002Fwww.virustotal.com\u002Fen\u002Fdocumentation\u002Fsearching\u002F#getting-domain-information) - Searching for domain information by [VirusTotal](https:\u002F\u002Fwww.virustotal.com\u002F).\n- [Certificate Transparency](https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fcertificate-transparency) - Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system by [@google](https:\u002F\u002Fgithub.com\u002Fgoogle).\n- [Certificate Search](https:\u002F\u002Fcrt.sh\u002F) - Enter an Identity (Domain Name, Organization Name, etc), a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID to search certificate(s) by [@crtsh](https:\u002F\u002Fgithub.com\u002Fcrtsh).\n- 
[GSDF](https:\u002F\u002Fgithub.com\u002FWe5ter\u002FGSDF) - Domain searcher named GoogleSSLdomainFinder by [@We5ter](https:\u002F\u002Fgithub.com\u002FWe5ter).\n\n\u003Ca name=\"tools-code-generating\">\u003C\u002Fa>\n### Code Generating\n\n- [VWGen](https:\u002F\u002Fgithub.com\u002Fqazbnm456\u002FVWGen) - Vulnerable Web applications Generator by [@qazbnm456](https:\u002F\u002Fgithub.com\u002Fqazbnm456).\n\n\u003Ca name=\"tools-fuzzing\">\u003C\u002Fa>\n### Fuzzing\n\n- [wfuzz](https:\u002F\u002Fgithub.com\u002Fxmendez\u002Fwfuzz) - Web application bruteforcer by [@xmendez](https:\u002F\u002Fgithub.com\u002Fxmendez).\n- [charsetinspect](https:\u002F\u002Fgithub.com\u002Fhack-all-the-things\u002Fcharsetinspect) - Script that inspects multi-byte character sets looking for characters with specific user-defined properties by [@hack-all-the-things](https:\u002F\u002Fgithub.com\u002Fhack-all-the-things).\n- [IPObfuscator](https:\u002F\u002Fgithub.com\u002FOsandaMalith\u002FIPObfuscator) - Simple tool to convert the IP to a DWORD IP by [@OsandaMalith](https:\u002F\u002Fgithub.com\u002FOsandaMalith).\n- [domato](https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fdomato) - DOM fuzzer by [@google](https:\u002F\u002Fgithub.com\u002Fgoogle).\n- [FuzzDB](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.\n- [dirhunt](https:\u002F\u002Fgithub.com\u002FNekmo\u002Fdirhunt) - Web crawler optimized for searching and analyzing the directory structure of a site by [@nekmo](https:\u002F\u002Fgithub.com\u002FNekmo).\n- [ssltest](https:\u002F\u002Fwww.ssllabs.com\u002Fssltest\u002F) - Online service that performs a deep analysis of the configuration of any SSL web server on the public internet. 
Provided by [Qualys SSL Labs](https:\u002F\u002Fwww.ssllabs.com).\n- [fuzz.txt](https:\u002F\u002Fgithub.com\u002FBo0oM\u002Ffuzz.txt) - Potentially dangerous files by [@Bo0oM](https:\u002F\u002Fgithub.com\u002FBo0oM).\n\n\u003Ca name=\"tools-scanning\">\u003C\u002Fa>\n### Scanning\n\n- [wpscan](https:\u002F\u002Fgithub.com\u002Fwpscanteam\u002Fwpscan) - WPScan is a black box WordPress vulnerability scanner by [@wpscanteam](https:\u002F\u002Fgithub.com\u002Fwpscanteam).\n- [JoomlaScan](https:\u002F\u002Fgithub.com\u002Fdrego85\u002FJoomlaScan) - Free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan by [@drego85](https:\u002F\u002Fgithub.com\u002Fdrego85).\n- [WAScan](https:\u002F\u002Fgithub.com\u002Fm4ll0k\u002FWAScan) - Is an open source web application security scanner that uses \"black-box\" method, created by [@m4ll0k](https:\u002F\u002Fgithub.com\u002Fm4ll0k).\n- [Nuclei](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fnuclei) - Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use by [@projectdiscovery](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery).\n\n\u003Ca name=\"tools-penetration-testing\">\u003C\u002Fa>\n### Penetration Testing\n\n- [Burp Suite](https:\u002F\u002Fportswigger.net\u002Fburp\u002F) - Burp Suite is an integrated platform for performing security testing of web applications by [portswigger](https:\u002F\u002Fportswigger.net\u002F).\n- [TIDoS-Framework](https:\u002F\u002Fgithub.com\u002FtheInfectedDrake\u002FTIDoS-Framework) - A comprehensive web application audit framework to cover up everything from Reconnaissance and OSINT to Vulnerability Analysis by [@_tID](https:\u002F\u002Fgithub.com\u002FtheInfectedDrake).\n- [Astra](https:\u002F\u002Fgithub.com\u002Fflipkart-incubator\u002Fastra) - Automated Security Testing For REST API's by [@flipkart-incubator](https:\u002F\u002Fgithub.com\u002Fflipkart-incubator).\n- 
[aws_pwn](https:\u002F\u002Fgithub.com\u002Fdagrz\u002Faws_pwn) - A collection of AWS penetration testing junk by [@dagrz](https:\u002F\u002Fgithub.com\u002Fdagrz).\n- [grayhatwarfare](https:\u002F\u002Fbuckets.grayhatwarfare.com\u002F) - Public buckets by [grayhatwarfare](http:\u002F\u002Fwww.grayhatwarfare.com\u002F).\n\n\u003Ca name=\"tools-offensive\">\u003C\u002Fa>\n### Offensive\n\n\u003Ca name=\"tools-xss\">\u003C\u002Fa>\n#### XSS - Cross-Site Scripting\n\n- [beef](https:\u002F\u002Fgithub.com\u002Fbeefproject\u002Fbeef) - The Browser Exploitation Framework Project by [beefproject](https:\u002F\u002Fbeefproject.com).\n- [JShell](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FJShell) - Get a JavaScript shell with XSS by [@s0md3v](https:\u002F\u002Fgithub.com\u002Fs0md3v).\n- [XSStrike](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FXSStrike) - XSStrike is a program which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs by [@s0md3v](https:\u002F\u002Fgithub.com\u002Fs0md3v).\n- [xssor2](https:\u002F\u002Fgithub.com\u002Fevilcos\u002Fxssor2) - XSS'OR - Hack with JavaScript by [@evilcos](https:\u002F\u002Fgithub.com\u002Fevilcos).\n- [csp evaluator](https:\u002F\u002Fcsper.io\u002Fevaluator) - A tool for evaluating content-security-policies by [Csper](http:\u002F\u002Fcsper.io).\n\n\u003Ca name=\"tools-sql-injection\">\u003C\u002Fa>\n#### SQL Injection\n\n- [sqlmap](https:\u002F\u002Fgithub.com\u002Fsqlmapproject\u002Fsqlmap) - Automatic SQL injection and database takeover tool.\n\n\u003Ca name=\"tools-template-injection\">\u003C\u002Fa>\n#### Template Injection\n\n- [tplmap](https:\u002F\u002Fgithub.com\u002Fepinna\u002Ftplmap) - Code and Server-Side Template Injection Detection and Exploitation Tool by [@epinna](https:\u002F\u002Fgithub.com\u002Fepinna).\n\n\u003Ca name=\"tools-xxe\">\u003C\u002Fa>\n#### XXE\n\n- [dtd-finder](https:\u002F\u002Fgithub.com\u002FGoSecure\u002Fdtd-finder) - List DTDs and generate XXE payloads using 
those local DTDs by [@GoSecure](https:\u002F\u002Fgithub.com\u002FGoSecure).\n\n\u003Ca name=\"tools-csrf\">\u003C\u002Fa>\n#### Cross Site Request Forgery\n\n- [XSRFProbe](https:\u002F\u002Fgithub.com\u002F0xInfection\u002FXSRFProbe) - The Prime CSRF Audit & Exploitation Toolkit by [@0xInfection](https:\u002F\u002Fgithub.com\u002F0xinfection).\n\n\u003Ca name=\"tools-ssrf\">\u003C\u002Fa>\n#### Server-Side Request Forgery\n\n- [Open redirect\u002FSSRF payload generator](https:\u002F\u002Ftools.intigriti.io\u002Fredirector\u002F) - Open redirect\u002FSSRF payload generator by [intigriti](https:\u002F\u002Fwww.intigriti.com\u002F).\n\n\u003Ca name=\"tools-leaking\">\u003C\u002Fa>\n### Leaking\n\n- [HTTPLeaks](https:\u002F\u002Fgithub.com\u002Fcure53\u002FHTTPLeaks) - All possible ways, a website can leak HTTP requests by [@cure53](https:\u002F\u002Fgithub.com\u002Fcure53).\n- [dvcs-ripper](https:\u002F\u002Fgithub.com\u002Fkost\u002Fdvcs-ripper) - Rip web accessible (distributed) version control systems: SVN\u002FGIT\u002FHG... 
by [@kost](https:\u002F\u002Fgithub.com\u002Fkost).\n- [DVCS-Pillage](https:\u002F\u002Fgithub.com\u002Fevilpacket\u002FDVCS-Pillage) - Pillage web accessible GIT, HG and BZR repositories by [@evilpacket](https:\u002F\u002Fgithub.com\u002Fevilpacket).\n- [GitMiner](https:\u002F\u002Fgithub.com\u002FUnkL4b\u002FGitMiner) - Tool for advanced mining for content on Github by [@UnkL4b](https:\u002F\u002Fgithub.com\u002FUnkL4b).\n- [gitleaks](https:\u002F\u002Fgithub.com\u002Fzricethezav\u002Fgitleaks) - Searches full repo history for secrets and keys by [@zricethezav](https:\u002F\u002Fgithub.com\u002Fzricethezav).\n- [CSS-Keylogging](https:\u002F\u002Fgithub.com\u002Fmaxchehab\u002FCSS-Keylogging) - Chrome extension and Express server that exploits keylogging abilities of CSS by [@maxchehab](https:\u002F\u002Fgithub.com\u002Fmaxchehab).\n- [pwngitmanager](https:\u002F\u002Fgithub.com\u002Fallyshka\u002Fpwngitmanager) - Git manager for pentesters by [@allyshka](https:\u002F\u002Fgithub.com\u002Fallyshka).\n- [snallygaster](https:\u002F\u002Fgithub.com\u002Fhannob\u002Fsnallygaster) - Tool to scan for secret files on HTTP servers by [@hannob](https:\u002F\u002Fgithub.com\u002Fhannob).\n- [LinkFinder](https:\u002F\u002Fgithub.com\u002FGerbenJavado\u002FLinkFinder) - Python script that finds endpoints in JavaScript files by [@GerbenJavado](https:\u002F\u002Fgithub.com\u002FGerbenJavado).\n\n\u003Ca name=\"tools-detecting\">\u003C\u002Fa>\n### Detecting\n\n- [sqlchop](https:\u002F\u002Fsqlchop.chaitin.cn\u002F) - SQL injection detection engine by [chaitin](http:\u002F\u002Fchaitin.com).\n- [xsschop](https:\u002F\u002Fxsschop.chaitin.cn\u002F) - XSS detection engine by [chaitin](http:\u002F\u002Fchaitin.com).\n- [retire.js](https:\u002F\u002Fgithub.com\u002FRetireJS\u002Fretire.js) - Scanner detecting the use of JavaScript libraries with known vulnerabilities by [@RetireJS](https:\u002F\u002Fgithub.com\u002FRetireJS).\n- 
[malware-jail](https:\u002F\u002Fgithub.com\u002FHynekPetrak\u002Fmalware-jail) - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction by [@HynekPetrak](https:\u002F\u002Fgithub.com\u002FHynekPetrak).\n- [repo-supervisor](https:\u002F\u002Fgithub.com\u002Fauth0\u002Frepo-supervisor) - Scan your code for security misconfiguration, search for passwords and secrets.\n- [bXSS](https:\u002F\u002Fgithub.com\u002FLewisArdern\u002FbXSS) - bXSS is a simple Blind XSS application adapted from [cure53.de\u002Fm](https:\u002F\u002Fcure53.de\u002Fm) by [@LewisArdern](https:\u002F\u002Fgithub.com\u002FLewisArdern).\n- [OpenRASP](https:\u002F\u002Fgithub.com\u002Fbaidu\u002Fopenrasp) - An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is observed under heavy server load.\n- [GuardRails](https:\u002F\u002Fgithub.com\u002Fapps\u002Fguardrails) - A GitHub App that provides security feedback in Pull Requests.\n\n\u003Ca name=\"tools-preventing\">\u003C\u002Fa>\n### Preventing\n\n- [DOMPurify](https:\u002F\u002Fgithub.com\u002Fcure53\u002FDOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https:\u002F\u002Fcure53.de\u002F).\n- [js-xss](https:\u002F\u002Fgithub.com\u002Fleizongmin\u002Fjs-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https:\u002F\u002Fgithub.com\u002Fleizongmin).\n- [Acra](https:\u002F\u002Fgithub.com\u002Fcossacklabs\u002Facra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https:\u002F\u002Fwww.cossacklabs.com\u002F).\n- [Csper](https:\u002F\u002Fcsper.io) - A set of tools for building\u002Fevaluating\u002Fmonitoring content-security-policy to prevent\u002Fdetect cross site 
scripting by [Csper](https:\u002F\u002Fcsper.io).\n\n\u003Ca name=\"tools-proxy\">\u003C\u002Fa>\n### Proxy\n\n- [Charles](https:\u002F\u002Fwww.charlesproxy.com\u002F) - HTTP proxy \u002F HTTP monitor \u002F Reverse Proxy that enables a developer to view all of the HTTP and SSL \u002F HTTPS traffic between their machine and the Internet.\n- [mitmproxy](https:\u002F\u002Fgithub.com\u002Fmitmproxy\u002Fmitmproxy) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers by [@mitmproxy](https:\u002F\u002Fgithub.com\u002Fmitmproxy).\n\n\u003Ca name=\"tools-webshell\">\u003C\u002Fa>\n### Webshell\n\n- [nano](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002Fnano) - Family of code golfed PHP shells by [@s0md3v](https:\u002F\u002Fgithub.com\u002Fs0md3v).\n- [webshell](https:\u002F\u002Fgithub.com\u002Ftennc\u002Fwebshell) - This is a webshell open source project by [@tennc](https:\u002F\u002Fgithub.com\u002Ftennc).\n- [Weevely](https:\u002F\u002Fgithub.com\u002Fepinna\u002Fweevely3) - Weaponized web shell by [@epinna](https:\u002F\u002Fgithub.com\u002Fepinna).\n- [Webshell-Sniper](https:\u002F\u002Fgithub.com\u002FWangYihang\u002FWebshell-Sniper) - Manage your website via terminal by [@WangYihang](https:\u002F\u002Fgithub.com\u002FWangYihang).\n- [Reverse-Shell-Manager](https:\u002F\u002Fgithub.com\u002FWangYihang\u002FReverse-Shell-Manager) - Reverse Shell Manager via Terminal by [@WangYihang](https:\u002F\u002Fgithub.com\u002FWangYihang).\n- [reverse-shell](https:\u002F\u002Fgithub.com\u002Flukechilds\u002Freverse-shell) - Reverse Shell as a Service by [@lukechilds](https:\u002F\u002Fgithub.com\u002Flukechilds).\n- [PhpSploit](https:\u002F\u002Fgithub.com\u002Fnil0x42\u002Fphpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner by [@nil0x42](https:\u002F\u002Fgithub.com\u002Fnil0x42).\n\n\u003Ca name=\"tools-disassembler\">\u003C\u002Fa>\n### Disassembler\n\n- 
[plasma](https:\u002F\u002Fgithub.com\u002Fplasma-disassembler\u002Fplasma) - Plasma is an interactive disassembler for x86\u002FARM\u002FMIPS by [@plasma-disassembler](https:\u002F\u002Fgithub.com\u002Fplasma-disassembler).\n- [radare2](https:\u002F\u002Fgithub.com\u002Fradare\u002Fradare2) - Unix-like reverse engineering framework and commandline tools by [@radare](https:\u002F\u002Fgithub.com\u002Fradare).\n- [Iaitō](https:\u002F\u002Fgithub.com\u002Fhteso\u002Fiaito) - Qt and C++ GUI for radare2 reverse engineering framework by [@hteso](https:\u002F\u002Fgithub.com\u002Fhteso).\n\n\u003Ca name=\"tools-decompiler\">\u003C\u002Fa>\n### Decompiler\n\n- [CFR](http:\u002F\u002Fwww.benf.org\u002Fother\u002Fcfr\u002F) - Another java decompiler by [@LeeAtBenf](https:\u002F\u002Ftwitter.com\u002FLeeAtBenf).\n\n\u003Ca name=\"tools-dns-rebinding\">\u003C\u002Fa>\n### DNS Rebinding\n\n- [DNS Rebind Toolkit](https:\u002F\u002Fgithub.com\u002Fbrannondorsey\u002Fdns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by [@brannondorsey](https:\u002F\u002Fgithub.com\u002Fbrannondorsey)\n- [dref](https:\u002F\u002Fgithub.com\u002Fmwrlabs\u002Fdref) - DNS Rebinding Exploitation Framework. 
Dref does the heavy-lifting for DNS rebinding by [@mwrlabs](https:\u002F\u002Fgithub.com\u002Fmwrlabs)\n- [Singularity of Origin](https:\u002F\u002Fgithub.com\u002Fnccgroup\u002Fsingularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by [@nccgroup](https:\u002F\u002Fgithub.com\u002Fnccgroup)\n- [Whonow DNS Server](https:\u002F\u002Fgithub.com\u002Fbrannondorsey\u002Fwhonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by [@brannondorsey](https:\u002F\u002Fgithub.com\u002Fbrannondorsey)\n\n\u003Ca name=\"tools-others\">\u003C\u002Fa>\n### Others\n\n- [Dnslogger](https:\u002F\u002Fwiki.skullsecurity.org\u002Findex.php?title=Dnslogger) - DNS Logger by [@iagox86](https:\u002F\u002Fgithub.com\u002Fiagox86).\n- [CyberChef](https:\u002F\u002Fgithub.com\u002Fgchq\u002FCyberChef) - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by [@GCHQ](https:\u002F\u002Fgithub.com\u002Fgchq).\n- [ntlm_challenger](https:\u002F\u002Fgithub.com\u002Fb17zr\u002Fntlm_challenger) - Parse NTLM over HTTP challenge messages by [@b17zr](https:\u002F\u002Fgithub.com\u002Fb17zr).\n- [cefdebug](https:\u002F\u002Fgithub.com\u002Ftaviso\u002Fcefdebug) - Minimal code to connect to a CEF debugger by [@taviso](https:\u002F\u002Fgithub.com\u002Ftaviso","awesome-web-security is a carefully curated list of web security resources, covering a wide range of web security material from basic to advanced. The project gathers a large number of learning materials and technical articles on web security vulnerabilities (such as XSS and SQL injection) and provides security guides for different technology stacks (such as AngularJS and ReactJS). It also includes some penetration testing techniques and methods for bypassing common defense mechanisms. It is well suited as a reference for security researchers, developers, and anyone interested in web security who wants to improve their knowledge and skills in the field.","2026-06-11 03:30:11","top_topic"]