Skip to content

skraft9/vulnerability-research

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

127 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ethical Warning: Research, educational, and authorized testing purposes only. Please do not use against systems without permission.


🛠️ Popular Tools For Vulnerability Research

  • CodeQL — Heavyweight source code analysis. Turns code into a queryable database to hunt for complex patterns.
  • Semgrep — Lightweight static analysis. Excellent for quickly "grepping" for dangerous function calls across large codebases.
  • GDB — Debugger tool. Allows you to see what is going on inside an application while it executes or crashes.
  • Ghidra — Reverse engineering framework created by the NSA.
  • Trufflehog — Find, verify, and analyze leaked credentials.
  • Caido — Modern, lightweight web proxy (alternative to Burp Suite).
  • RequestBin — HTTP request bins and DNS testing. Useful for SSRF testing.
  • Beeceptor — Create mock APIs with custom rules. Useful for SSRF testing.
  • URL Decoder/Encoder — Decode & Encode JavaScript URLs.
  • Dalfox — Powerful automated XSS scanner.
  • XSSHunter — Catch Blind XSS callbacks.

📋 Vulnerability Report Template

Standardized format for drafting vulnerability reports.


✍️ Write-Ups

Educational blogs from my vulnerability hunts.


🧭 Methodology & Guidance

The mental frameworks and strategic approaches for vulnerability research.


📑 Research Cheatsheets

Cheatsheet Focus Area
SQL Injection (SQLi) Detection, Union-based extraction, Blind timing attacks, and Out-of-Band exfiltration.
XSS Payloads Context-specific vectors, Modern WAF evasion, Polyglots, and Client-Side Template Injection.
Authentication & Identity Authentication bypass techniques and defensive mitigation strategies for JWT, OAuth, and SAML
SSRF & Cloud Cloud metadata endpoints (AWS, GCP, Azure), protocol wrappers, and filter bypasses.
RCE & Command Injection Separator logic, space/character evasion (Linux/Windows), and Blind RCE techniques.
Dangerous Functions White-box source code review patterns for C, PHP, Python, and Java.
Patch Diffing Workflow for analyzing N-Day vulnerabilities, diffing commits, and hunting for variants.
Linux Commands CLI reference guide for Linux Commands.
Reverse Engineering GDB & Ghidra Cheatsheet.

🎯 Custom Scripts

Automation scripts for reconnaissance, fuzzing, and impact measurement.

Automates subdomain enumeration and live host detection.

  • Requirements: subfinder, httpx-toolkit
  • Usage: Enumerates subdomains and checks for live web servers.

Automated directory and parameter fuzzing wrapper.

  • Requirements: ffuf, SecLists (or custom wordlists)
  • Configuration: Update headers with your username/email in the script before running.

Python script to measure service availability and latency impact during Denial of Service (DoS) testing. Currently configured to monitor Elasticsearch instances.

  • Requirements: requests, urllib3
  • Usage: Tracks response times and logs critical latency thresholds against target endpoints to quantify availability impact.
image

About

Collection of documentation, tools, and tips related to vulnerability research.

Resources

Stars

89 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors