A full-response SSRF worth $17,500
https://hackerone.com/reports/1406938
TikTok SMB sub-account takeover
https://hackerone.com/reports/1404612
XSS via the X-Forwarded-Host header
https://hackerone.com/reports/1392935
SSRF bypass techniques
https://github.com/cujanovic/SSRF-Testing
Using Google Tag Manager to infect websites
https://decoded.avast.io/pavlinakopecka/web-skimming-attacks-using-google-tag-manager/
Automated Java code-audit tool, focused on the Spring framework
https://github.com/4ra1n/SpringInspector
CSRF scanner
https://github.com/s0md3v/Bolt
A cyberspace-mapping security tool for enumerating target assets from the attacker's perspective and quickly locating vulnerable ones
https://github.com/binganao/TaiO