awesome-infosec
github.com/spekulatius/awesome-infosec
Personal infosec awesome list. Highly subjective by nature.
What's inside
Bugs
- ambionics/phpggc (Deserialization)
PHPGGC is a library of PHP
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! (URL Parsers)
BlackHat talk by Orange Tsai discussing how different libraries parse URLs.
- AwesomeXSS (XSS)
Awesome page about XSS.
- Breaking XSS mitigations via Script Gadgets (XSS)
Conference talk from 2017 explaining various CSP bypasses using Script Gadgets.
- Code Reuse Attacks in PHP: Automated POP Chain Generation (Deserialization)
Using static analysis to automatically identify POP chains in various PHP frameworks.
- Cross-site scripting contexts (XSS)
PortSwigger XSS context breakouts.
Bug Chains
- A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…
A complex bug chain consisting of an insecure message event listener, a shoddy JSONP endpoint, a WAF bypass, DOM-based XSS on an out-of-scope subdomain, and a permissive CORS configuration.
- CVE-2023-36844 and Friends: RCE in Juniper Devices
Utilising two bugs that would be near-useless in isolation and combining them into unauthenticated RCE.
- Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames
iframe, postMessage and XSS.
- WordPress Transposh: Exploiting a Blind SQL Injection via XSS
Combining three CVEs: a weak default configuration, stored XSS, and blind SQL injection.
- XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
XML External Entity injection (XXE) vulnerability combined with request smuggling.
Secret Scanning
Language-Level
- PHP filters chain (PHP)
What it is and how to use it.
- PHP Magic Tricks: Type Juggling (PHP)
- Prototype Pollution in Python (Python)
- Type Juggling (PHP)
Official PHP page.
Orientation
- roadmap.sh
Cyber-Security Roadmap.