Málaga, Spain

Daniel Púa

Expert
@devploit

Security Researcher · Head of Security @ Magnific

nomore403. 🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

1.8k

awesome-ctf-resources. A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩

777

XORpass. Encoder to bypass WAF filters using XOR operations.

254

debugHunter. Discover hidden debugging parameters and uncover web application secrets

250

CTF_OnlineTools. Repository to index useful online tools for CTF

181

put2win. Script to automate PUT HTTP method exploitation to get shell

126

pwny.cc. Repository of useful payloads and tips for pentesting/bug bounty.

33

unaalmes-writeups. Repository to save all write-ups from UAM challenges

28

SubProbe. ⚡ JavaScript-aware crawler for security researchers and bug bounty hunters. Extract hidden endpoints and internal subdomains through static and semantic analysis of JS files. Lightweight. Fast. Sneaky.

8

pentesting-wiki. I am tired of cherrytree and I think that having useful information online to consult comfortably can be a good option. Feel free to send corrections / extra tips.

4

jwtforge. Attacker-minded, 100% client-side JWT toolkit — decode, audit & forge tokens. Generates alg:none, key-confusion, kid-injection & brute-force attacks with ready-to-run curl/Burp/nuclei exports. The security alternative to jwt.io.

3

devploit.

2

old_devploit.github.io. devploit's linktree

2

ctf-writeups. Repository to store public writeups from some CTFs.

1

blog. SCSS

1

pwnygames_2021. TODO

1
16
Apply