My explanation of how I found 15 CVEs in 3 nights and my tips on how you can too!
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
Denial of Service discovered against Fossil SCM when running on Windows boxes.
A great alternative to have for web discovery during web app pen tests or bug bounties.
A tool to create parameter wordlists of whatever domains (and subdomains) via the internet archive (wayback machine)!
Extremely useful and impressive wordlist generator and much more; cook.
Tool for bypassing WAFs using permutations and combinations of the payloads you already have.
Another Repo of Web Application and API Bug Bounty, Penetration test and security assessment documents, reports and more!