Repository for researching and hunting vulnerabilities in the real-world scenario as well as automating them.
Started: 18th August 2024
Key:
✔️ : Completed
❌ : Incomplete
⭕ : In progress
◼️ : Web Application Notes
◻️ : Mobile Application Notes
- [✔️] Read about XSS through PDF
- [✔️] ◼️: Researched on automating enumeration techniques.
- [✔️] ◻️: Understanding SSL Pinning and learning Frida.
- [✔️] Researched on nuclei templates and reviewed basic tools such as subdomainer and httpx for recon.
- [✔️] Researched on axiom and shadowclone for recon.
- [✔️] Understanding SSL Pinning and learning Frida.
- [✔️] Overviewed reconnaissance tools
- [✔️] Understanding SSL Pinning and learning Frida.
- [⭕] https://gitlab.com/gitlab-org/gitlab/-/issues/452510
- [✔️] Researched on Shodan
- [✔️] Learning to break SSL Pinng using Frida and scripts from Codeshare.
- [⭕] Read about Stored XSS in diff
- [✔️] Researched on the reconnaissance for starting penetration testing.
- [✔️] Researched on mobile penetration testing through r2frida
- [✔️] Researched on client side vulnerabilities through the work of Youssef Sammouda
- [✔️] Researched on the tool netlas.io, used for recon.
- [✔️] Started Beyond XSS Chapter 1
- [⭕]
- [✔️] Researched on GAU and GAUplus for reconnaissance.
- [✔️] Completed Beyond XSS Chapter 1
- [⭕]
- [✔️] Researched further on reconnaissance for penetration testing.
- [✔️] Started Beyond XSS Chapter 2
- [⭕]
- [✔️] Multiple Recon techniques and automated XSS techniques in this article.
- [✔️] Completed Beyond XSS Chapter 2
- [⭕]
- [✔️] Watched live recon by Tomnomnom and Nahamsec on Youtube.
- [⭕]
- [⭕]
- [✔️] Used netlas.io to enumerate Github.com
- [⭕]
- [⭕]
- [✔️] Analyzed netlas.io results w.r.t Github.com
- [⭕]
- [⭕]
- [⭕] Checked out a list of search engines for recon.
- [⭕]
- [⭕]