This is your work, valued

Ricardo Iramar dos Santos

Elite
@riramar

Every time count is regressive.

Web-Attack-Cheat-Sheet. Web Attack Cheat Sheet

4.4k

hsecscan. A security scanner for HTTP response headers.

298

h2rs. Detects request smuggling via HTTP/2 downgrades.

94

pubkey-pin-android. Just another example for Android Public Key Pinning (based on OWASP example)

38

h2csmuggler-proxy. This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.

36

DesyncCL0. A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.

35

SmuggleTP. A straightforward tool for exploiting SMTP Smuggling vulnerabilities.

14

bc2telegram. Simple script to report Burp Collaborator interactions to Telegram bot chat

9

headers. Python script to get all response headers from Alexa top sites file and store in a MySQL database.

5

huebrchallenge01. This is my first web challenge called "HueBR Challenge 01".

5

hpdd. This script detects header parsing discrepancies across different proxies in a chain by testing various header mutations and comparing responses.

5

h2csmuggler. HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

4

waymore. Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

3

evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

3

knary. A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark & Pushover support

2

dnsobserver. A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack.

2

smuggler. Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

1

Web-Cache-Vulnerability-Scanner. Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

1

IE11xCORSxSOP. IE11 is not following CORS specification for local files

1

riramar.github.io. HTML

1