mwebsec Goto Github PK

ad-attack-defense

Attack and defend active directory using modern post exploitation adversary tradecraft activity

apt_report

Interesting APT Report Collection And Some Special IOC

ars0n-framework-dockerized

A Modern Bug Bounty Hunting Framework Packaged in Docker

aspvulnerablelab

Vulnerable ASP based Web Application

awae-prep

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.

awesome-mitre-attack

A curated list of awesome resources related to Mitre ATT&CK™ Framework

blackhole-exploitkit-decoded

I havent found a reasonable version of the BlackHole exploit kit without the ionCube annoyances; so here is a fix for that problem :) Please keep in mind that these files have been decoded and shared for educational purposes only!

bookmarker

Vulnerable PHP app for Mass Assignment

botnets

This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

bug-bounty-methodology

These are my checklists which I use during my hunting.

crapi

completely ridiculous API (crAPI)

crazycars

Vulnerable web app with crypto weaknesses

cryptomg

CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.

dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

dojo-basic

evilbank

Vulnerable web app with captcha weaknesses

failpics

Vulnerable web app with URL tamper protection weakness

fuzzing-templates

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

ghostwriter

The SpecterOps project management and reporting engine

goad

game of active directory

malleable-c2-profiles

Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.

nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

nucleifuzzer

NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications

oauth-exploit-lab

Lab to understand OAuth v2 vulnerabilities and attack techniques.

online_shopping_-system

The Online Shopping System in PHP using XAMPP as virtual Server. This project contains the admin side and user side where a user can view shopping items details, sign up, and buy products online. While the admin can add items and users, products, manage them, and soon.

osce3-complete-guide

OSWE, OSEP, OSED, OSEE

oswe-prep

Useful tips and resources for preparing for the AWAE exam.

owasp-testing-guide-v5

The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.

owaspwebgoatphp

A deliberately vulnerable web application for learning web application security.

paramspider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing