Nasur Ullah's Projects
This challenge is Inon Shkedy's 31 days API Security Tips.
31 Tips for pentesters & security engineers
Multiple Admin Finder Scan With Threads
All about bug bounty (bypasses, payloads, and etc)
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
This script grab public report from hacker one and make some folders with poc videos
A big list of Android Hackerone disclosed reports and other resources.
A collection of android security related resources
Arjun is a HTTP parameter discovery suite.
Simple shell script for automated domain recognition with some tools
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
A collection of awesome API Security tools and resources.
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
A curated list of various bug bounty tools
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
A collection of awesome one-liner scripts especially for bug bounty tips.
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
A curated collection of awesome Regex libraries, tools, frameworks and software
A list of awesome resources for tmux
🔥 Everything about web-application firewalls (WAF).
Toolkit to detect and keep track on Blind XSS, XXE & SSRF
Private vulnerability testing suite
Java RMI enumeration and attack tool.
Bash scripts to get stuff done..