Skip to content
View harisec's full-sized avatar
64 followers · 244 following

Achievements

Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Achievements

Achievement: Starstruckx2Achievement: Arctic Code Vault Contributor

Block or report harisec

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. Invicti-Security/brainstormInvicti-Security/brainstormPublic

    A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery

    Python 379 54

  2. Invicti-Security/web-inf-path-travInvicti-Security/web-inf-path-travPublic

    Tool for helping in the exploitation of path traversal vulnerabilities in Java web applications

    Python 33 5

  3. quick primer on how to exploit path ...quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
    1
    so, you can read WEB-INF/web.xml. how can you escalate this issue?
    2
    3
    [step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. 
    4
    5
    use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):
  4. orange-confusion-attacksorange-confusion-attacksPublic
     Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! 
    PHP 20  7 
  5. o1-vs-claudeo1-vs-claudePublic
     OpenAI o1-preview vs Claude 3.5 Sonnet comparison 
     5  1 
  6. client-side-prototype-pollution-expo...client-side-prototype-pollution-expoitation.md
    1
    I was trying to exploit a client-side prototype pollution and nothing was working.
    2
    3
    I figured out that if you try to use a script gadget by visiting a URL like this dirrectly:
    4
    5
    ```