pentesting

Hello spoooopyyy hackers 🎃

This is a Hacktoberfest only issue! 👻

This is also data-sciency!

The Problem

Our English dictionary contains words that aren't English, and does not contain common English words.

Examples of non-common words in the dictionary:

"hlithskjalf",
  "hlorrithi",
  "hlqn",
  "hm",
  "hny",
  "ho",
  "hoactzin",
  "hoactzine

App Attest allows your app to attach a hardware-backed assertion as a part of the request. Your server can use assertion to verify the request came from your genuine app, on a genuine Apple device.

https://developer.apple.com/videos/play/wwdc2021/10244/

https://developer.apple.com/documentation/devicecheck/assessing_fraud_risk

https://developer.apple.com/documentation/bundleresources/entit

I testing bruteforce my opencart store.

this is body request:

-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="username"

^USER^
-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="password"

^PASS^
-----------------------------34237939373614592773956005873
Content-Disposition: form-dat

Can we have a feature where a normal brute force is running based on HTTP response like 403/401 do a recursive brute force on that endpoint?

⭐ Challenge idea

Description

Several users originally missing security question answers - most notably bjoern.k

RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.

Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:

[!]
[~]
[>]
| {}

If any of these characters appear in any of the tests, fail the CI. E

Merge /Testing_for_Vertical_Bypassing_Authorization_Schema_WSTG-AUTHZ-00X.md into 4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md

Is there a way to skip the nmap scan and go straight to the attacking routes? In case i already know the target list is full of open rtsp port IPs.

pentesting

Here are 1,777 public repositories matching this topic...

sqlmapproject / sqlmap

blaCCkHatHacEEkr / PENTESTING-BIBLE

qeeqbox / social-analyzer

Ciphey / Ciphey

The Problem

OWASP / owasp-mstg

maurosoria / dirsearch

n1nj4sec / pupy

smicallef / spiderfoot

infosecn1nja / Red-Teaming-Toolkit

vanhauser-thc / thc-hydra

byt3bl33d3r / CrackMapExec

ffuf / ffuf

OJ / gobuster

bkimminich / juice-shop

⭐ Challenge idea

Description

RustScan / RustScan

rmusser01 / Infosec_Reference

v1s1t0r1sh3r3 / airgeddon

TheKingOfDuck / fuzzDicts

dstotijn / hetty

OWASP / wstg

OlivierLaflamme / Cheatsheet-God

urbanadventurer / WhatWeb

infobyte / faraday

ysrc / xunfeng

carlospolop / hacktricks

arismelachroinos / lscript

tanprathan / MobileApp-Pentest-Cheatsheet

bluscreenofjeff / Red-Team-Infrastructure-Wiki

commixproject / commix

Ullaakut / cameradar

Improve this page

Add this topic to your repo