Skip to content

Latest commit

 

History

History
75 lines (56 loc) · 4.42 KB

File metadata and controls

75 lines (56 loc) · 4.42 KB

Ethical Warning: Research, educational, and authorized testing purposes only. Please do not use against systems without permission.


🛠️ Popular Tools For Vulnerability Research

  • CodeQL — Heavyweight source code analysis. Turns code into a queryable database to hunt for complex patterns.
  • Semgrep — Lightweight static analysis. Excellent for quickly "grepping" for dangerous function calls across large codebases.
  • GDB — Debugger tool. Allows you to see what is going on inside an application while it executes or crashes.
  • Ghidra — Reverse engineering framework created by the NSA.
  • Trufflehog — Find, verify, and analyze leaked credentials.
  • Caido — Modern, lightweight web proxy (alternative to Burp Suite).
  • RequestBin — HTTP request bins and DNS testing. Useful for SSRF testing.
  • Beeceptor — Create mock APIs with custom rules. Useful for SSRF testing.
  • URL Decoder/Encoder — Decode & Encode JavaScript URLs.
  • Dalfox — Powerful automated XSS scanner.
  • XSSHunter — Catch Blind XSS callbacks.

📋 Vulnerability Report Template

Standardized format for drafting vulnerability reports.


✍️ Write-Ups

Educational blogs from my vulnerability hunts.


🧭 Methodology & Guidance

The mental frameworks and strategic approaches for vulnerability research.


📑 Research Cheatsheets

Cheatsheet Focus Area
SQL Injection (SQLi) Detection, Union-based extraction, Blind timing attacks, and Out-of-Band exfiltration.
XSS Payloads Context-specific vectors, Modern WAF evasion, Polyglots, and Client-Side Template Injection.
Authentication & Identity Authentication bypass techniques and defensive mitigation strategies for JWT, OAuth, and SAML
SSRF & Cloud Cloud metadata endpoints (AWS, GCP, Azure), protocol wrappers, and filter bypasses.
RCE & Command Injection Separator logic, space/character evasion (Linux/Windows), and Blind RCE techniques.
Dangerous Functions White-box source code review patterns for C, PHP, Python, and Java.
Patch Diffing Workflow for analyzing N-Day vulnerabilities, diffing commits, and hunting for variants.
Linux Commands CLI reference guide for Linux Commands.
Reverse Engineering GDB & Ghidra Cheatsheet.

🎯 Custom Scripts

Automation scripts for reconnaissance, fuzzing, and impact measurement.

Automates subdomain enumeration and live host detection.

  • Requirements: subfinder, httpx-toolkit
  • Usage: Enumerates subdomains and checks for live web servers.

Automated directory and parameter fuzzing wrapper.

  • Requirements: ffuf, SecLists (or custom wordlists)
  • Configuration: Update headers with your username/email in the script before running.

Python script to measure service availability and latency impact during Denial of Service (DoS) testing. Currently configured to monitor Elasticsearch instances.

  • Requirements: requests, urllib3
  • Usage: Tracks response times and logs critical latency thresholds against target endpoints to quantify availability impact.
image