Awesome List Updates on Feb 23, 2018
10 awesome lists updated today.
1. Awesome Geek Podcasts
- Les Cast Codeurs — Podcast provided from and for developers. Latest news on the Java ecosystem and development in general. Hosted by Emmanuel Bernard (JBoss, Hibernate), Arnaud Héritier (CloudBees, Jenkins), Guillaume Laforge (Google, Groovy), Antonio Goncalves (freelance, author), Vincent Massol (XWiki, Maven), Audrey Neveu (Saagie, Devoxx4Kids).
2. Awesome Python
- Metrics (⭐1.6k) - Machine learning evaluation metrics.
3. Awesome D3
- oecd-simple-charts (⭐20) - Simple charting library [box plot, stacked bar, pearl chart]
4. Free for Dev
IDE and Code Editing
- fakejson.com — FakeJSON helps you quickly generate fake data using its API. Make an API request describing what you want and how you want it. The API returns it all in JSON. Speed up the go to market process for ideas and fake it till you make it.
5. Awesome Dotnet Core
Frameworks, Libraries and Tools / CMS
- Cofoundry (⭐752) - Open source .NET Core CMS and modular application framework. Code-first, unobtrusive and extensible.
6. Awesome Swift
Third party Guides
- SwiftTips (⭐3.9k) - A collection of useful tips by John Sundell.
Maps / Barcode
- FlyoverKit (⭐693) - FlyoverKit enables you to present stunning 360° flyover views on your MKMapView with zero effort while maintaining full configuration possibilities.
Menu / Barcode
- Parchment (⭐3.1k) - A paging view controller with a highly customizable menu, built on UICollectionView.
7. Awesome Algorithms Education
Interviews / Advanced
Books / Advanced
Miscellaneous / Advanced
8. Awesome Saltstack
- The Simplest Way to Learn SaltStack - Start to learn the basics of SaltStack by setting it up in Docker.
Blogposts and opinions
- Using Salt like Ansible - How to use Salt in a way similar to Ansible.
9. Awesome Web Security
- Phrack Magazine - Ezine written by and for hackers.
- The Hacker News - Security in a serious way.
- Security Weekly - The security podcast network.
- The Register - Biting the hand that feeds IT.
- Dark Reading - Connecting The Information Security Community.
- HackDig - Dig high-quality web security articles for hackers.
- HQL: Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection?) - Written by @_m0bius.
XXE - XML eXternal Entity
CSRF - Cross-Site Request Forgery
- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET - Written by Dwight Hohnstein from Rhino Security Labs.
Sub Domain Enumeration
- Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities - Written by @Brett Buerhaus.
- Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) - Written by @malerisch and @steventseeley.
Remote Code Execution
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! - Written by Orange.
- ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else - Written by Mario Heiderich.
- DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS - Written by Sebastian Lekies, Krzysztof Kotowicz, and Eduardo Vela.
Frontend (like SOP bypass, URL spoofing, and something like that)
- IE11 Information disclosure - local file detection - Written by James Lee.
Backend (core of Browser implementation, and often refers to C or C++ part)
- SSD Advisory – Chrome Turbofan Remote Code Execution - Written by SecuriTeam Secure Disclosure (SSD).
Reconnaissance / OSINT - Open-Source Intelligence
- Censys - Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet by University of Michigan.
- NSFOCUS - THREAT INTELLIGENCE PORTAL by NSFOCUS GLOBAL.
- FOCA (⭐2.1k) - FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans, by ElevenPaths.
- xray (⭐1.8k) - XRay is a tool for recon, mapping and OSINT gathering from public networks by @evilsocket.
- raven (⭐752) - raven is a LinkedIn information gathering tool that can be used by pentesters to gather information about an organization's employees using LinkedIn, by @0x09AL.
Reconnaissance / Sub Domain Enumeration
- EyeWitness (⭐3.8k) - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible by @ChrisTruncer.
- domain_analyzer (⭐1.7k) - Analyze the security of any domain by finding all the information possible by @eldraco.
- Certificate Transparency (⭐827) - Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system by @google.
- Certificate Search - Enter an Identity (Domain Name, Organization Name, etc), a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID to search certificate(s) by @crtsh.
Code Generating / Sub Domain Enumeration
Fuzzing / Sub Domain Enumeration
- charsetinspect (⭐26) - Script that inspects multi-byte character sets looking for characters with specific user-defined properties by @hack-all-the-things.
Penetration Testing / Sub Domain Enumeration
- Burp Suite - Burp Suite is an integrated platform for performing security testing of web applications by portswigger.
Offensive / XSS - Cross-Site Scripting
Offensive / SQL Injection
- sqlmap (⭐25k) - Automatic SQL injection and database takeover tool.
Leaking / Server-Side Request Forgery
- dvcs-ripper (⭐1.5k) - Rip web accessible (distributed) version control systems: SVN/GIT/HG... by @kost.
- CSS-Keylogging (⭐3.1k) - Chrome extension and Express server that exploits keylogging abilities of CSS by @maxchehab.
Detecting / Server-Side Request Forgery
- repo-supervisor (⭐580) - Scan your code for security misconfiguration, search for passwords and secrets.
Preventing / Server-Side Request Forgery
- js-xss (⭐4.7k) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by @leizongmin.
Proxy / Server-Side Request Forgery
- Charles - HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet.
- mitmproxy (⭐29k) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers by @mitmproxy.
Webshell / Server-Side Request Forgery
Disassembler / Server-Side Request Forgery
Others / Server-Side Request Forgery
- CyberChef (⭐19k) - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by @GCHQ.
Social Engineering Database / Server-Side Request Forgery
- haveibeenpwned - Check if you have an account that has been compromised in a data breach by Troy Hunt.
Blogs / Server-Side Request Forgery
- Orange - Taiwan's talented web penetrator.
- leavesongs - China's talented web penetrator.
- Broken Browser - Fun with Browser Vulnerabilities.
- Scrutiny - Internet Security through Web Browsers by Dhiraj Mishra.
- BRETT BUERHAUS - Vulnerability disclosures and rambles on application security.
- n0tr00t - ~# n0tr00t Security Team.
- OpnSec - Open Mind Security!
Twitter Users / Server-Side Request Forgery
- @HackwithGitHub - Initiative to showcase open source hacking tools for hackers and pentesters.
- @filedescriptor - Active penetrator who often tweets and writes useful articles.
- @kinugawamasato - Japanese web penetrator.
- @h3xstream - Security Researcher, interested in web security, crypto, pentest, static analysis but most of all, samy is my hero.
- @garethheyes - English web penetrator.
Application / Server-Side Request Forgery
AWS / Server-Side Request Forgery
XSS / Server-Side Request Forgery
- XSS game - Google XSS Challenge - Written by Google.
- prompt(1) to win - Complex 16-Level XSS Challenge held in summer 2014 (+4 Hidden Levels) - Written by @cure53.
- XSS Challenges - Series of XSS challenges - Written by yamagata21.
ModSecurity / OWASP ModSecurity Core Rule Set / Server-Side Request Forgery
- ModSecurity / OWASP ModSecurity Core Rule Set - Series of tutorials to install, configure and tune ModSecurity and the Core Rule Set - Written by @ChrFolini.
Community / Server-Side Request Forgery
Miscellaneous / Server-Side Request Forgery
- awesome-bug-bounty (⭐3.5k) - Comprehensive curated list of available Bug Bounty & Disclosure Programs and write-ups by @djadmin.
- bug-bounty-reference (⭐3.1k) - List of bug bounty write-up that is categorized by the bug nature by @ngalongc.
- Brute Forcing Your Facebook Email and Phone Number - Written by PwnDizzle.
- Pentest + Exploit dev Cheatsheet wallpaper - Penetration Testing and Exploit Dev CheatSheet.
- The Definitive Security Data Science and Machine Learning Guide - Written by JASON TROS.
- Internet of Things Scanner - Check if your internet-connected devices at home are public on Shodan by BullGuard.
10. Awesome Courses
Courses / Introduction to CS
- CS 107 Programming Paradigms Stanford University