Skip to content
0x1RIS Hub
Exploitation Tools
Initializing search
Home
operator
the_path
OffSec
Backend
langs
0x1RIS Hub
Home
operator
operator
who
who
MyStuff
how_i_think
how_i_think
MyMind
MyMind
Analysis & Exploitation
Methodology
Reconnaissance Methodology
Documentation & Reporting
the_path
the_path
start_here
start_here
Intro
First Steps
First Steps
Your First Steps
Getting Started
What's Next
Setting Up Your Environment
Methodology
Methodology
Frameworks
Frameworks
Analysis & Exploitation
Methodology
Reconnaissance Methodology
Documentation & Reporting
Mindset
Mindset
Hacker Mindset
Hacker Mindset
Ethics & Boundaries
Thinking Like a Hacker
Mindset
Persistence
ground_zero
ground_zero
Overview
the_machine
the_machine
Linux Basics
Linux Basics
Essential Linux Commands
Linux Filesystem Hierarchy
Linux Mastery
Linux Networking
Linux Permissions Model
Linux Processes
Windows Basics
Windows Basics
Active Directory
CMD and PowerShell
Windows Filesystem
Windows Mastery
Windows Security
Android Basics
Android Basics
ADB and Android Tooling
Android Mastery
Android Permissions Model
Android Reverse Engineering
Networking Basics
Networking Basics
DNS
HTTP
Networking Mastery
TCP/IP Model
Network Troubleshooting
threat_brain
threat_brain
Cryptography
Cryptography
Asymmetric Encryption
Hashing
Cryptography
Practical Cryptography
Symmetric Encryption
DFIR
DFIR
Evidence Acquisition
Forensic Analysis
Digital Forensics and Incident Response
Linux Forensics
Windows Forensics
Reverse Engineering
Reverse Engineering
Binary Formats
Dynamic Analysis
Reverse Engineering
Static Analysis
Reverse Engineering Tools
Threat Modeling
Threat Modeling
Threat Modeling Diagrams
DREAD
Threat Modeling
STRIDE
hands_dirty
hands_dirty
Scripting Essentials
Scripting Essentials
Automation Patterns
Bash Scripting
Scripting Essentials
Python for Security
Virtualization
Virtualization
Docker
Virtualization
VirtualBox
VMware
Lab Setup
Lab Setup
Lab Setup
Lab Networking
Vulnerable VMs
Lab Workflow
OffSec
OffSec
Overview
Reconnaissance
Reconnaissance
Recon Techniques
Recon Techniques
00_reconnaissance - Reconnaissance
00_passive
00_passive
Archive Analysis
Breach Databases
Code Repositories OSINT
OSINT Introduction
Social Media OSINT
01_active
01_active
DNS Enumeration
Port Scanning
Service Fingerprinting
Subdomain Enumeration
02_analysis
02_analysis
Cloud Assets
JavaScript Analysis
Screenshotting
Technology Detection
03_operations
03_operations
Recon Case Studies
Recon Checklist
Vulnerability Analysis
Vulnerability Analysis
Vuln Research
Vuln Research
vulnerability guides - Vulnerability Analysis & Exploitation Guides
Misconfigurations
Vuln Checklist
authentication-bypass
authentication-bypass
Authentication Bypass Attack Vectors
Authentication Bypass Case Studies
Authentication Bypass Exploitation
Authentication Bypass
Authentication Bypass Mitigations
authorization-bypass
authorization-bypass
Authorization Bypass Attack Vectors
Authorization Bypass Case Studies
Authorization Bypass Exploitation
Authorization Bypass
Authorization Bypass Mitigations
command-injection
command-injection
Command Injection Attack Vectors: Real-World Scenarios
Case Studies: Command Injection in the Wild
Exploiting OS Command Injection
Introduction to Command Injection Vulnerabilities
Mitigating OS Command Injection
csrf
csrf
Case Studies
Exploitation
Introduction to Cross-Site Request Forgery (CSRF) Vulnerabilities
CSRF Mitigation Strategies and Best Practices
deserialization
deserialization
Case Studies
Exploitation
Intro
Mitigations
file-upload
file-upload
Bypasses
Case Studies
Exploitation
Intro
Mitigations
http-request-smuggling
http-request-smuggling
Case Studies
Exploitation
Intro
Mitigations
idor
idor
Case Studies
Exploitation
Intro
Mitigations
lfi
lfi
Case Studies: From LFI to RCE and Beyond
Exploitation
Introduction to Local File Inclusion (LFI)
Mitigations
open-redirect
open-redirect
Exploitation
Intro
Mitigations
race-conditions
race-conditions
Exploitation
Intro
Mitigations
rce
rce
Case Studies
Exploitation
Intro
Mitigations
rfi
rfi
Case Studies
Exploitation
Intro
Mitigations
sqli
sqli
Advanced SQL Injection Techniques
Introduction to Blind SQL Injection
Boolean-Based Blind SQL Injection
Case Study: SQLi in a Product Filtering Mechanism
Error-Based SQL Injection
Introduction to SQL Injection (SQLi)
Time-Based Blind SQL Injection
Union-Based SQL Injection
ssrf
ssrf
Case Studies
Exploitation
Intro
Mitigations
template-injection
template-injection
Exploitation
Intro
Mitigations
xss
xss
Blind Xss
Case Studies
Dom Xss
Intro
Mutation Xss
Reflected Xss
Stored Xss
Waf Bypass
Active Directory
Active Directory
AD Attacks
AD Attacks
AD Enumeration , You Can't Hit What You Can't See
Active Directory Security , The Real-World Field Manual
Kerberos Authentication - The Three-Headed Dog of AD
Common Active Directory Misconfigurations - Where Security Breaks
NTLM Authentication - The Protocol That Won't Die
Active Directory Security Best Practices - Building a Secure Foundation
Android Pentesting
Android Pentesting
Android Hacking
Android Hacking
Android Component Testing - When Apps Talk Too Much
Android Dynamic Analysis - Watching Apps in Action
Android Penetration Testing Documentation - The Complete Guide
Android Runtime Instrumentation - Hooking Into Apps
Android Network Security Testing - Watching Apps Talk
Android Static Analysis - Reading Apps Like Books
Android Storage Security Testing - Finding Data That Shouldn't Be There
Tools & Automation
Tools & Automation
Custom Tools
Custom Tools
tools-and-03_automation - Security Tools & Automation
00_recon
00_recon
Burp Tricks
Nmap Tricks
Recon Tools
01_exploit
01_exploit
Exploitation Tools
Fuzzing Tools
Metasploit Tricks
Post Exploitation Tools
02_reverse
02_reverse
Docker Tools
Wireless Tools
03_automation
03_automation
Automation Scripts
Custom ReconX
Reporting Tools
Zap Tricks
Payloads & Wordlists
Payloads & Wordlists
Payload Library
Payload Library
Index
Payload Generation
payloads-library
payloads-library
Command Injection
Deserialization
Lfi Rfi
Rce
Smuggling
Sqli
Ssrf
Upload Bypass
Xss
wordlists-collection
wordlists-collection
Cloud Enumeration
Custom Wordlists
Directories
Fuzzing
Parameters
Passwords
Subdomains
Exploitation
Exploitation
Exploit Dev
Exploit Dev
Api Exploitation
Cloud Exploitation
Index
Iot Attacks
Mobile Exploitation
Network Exploitation
Social Engineering
Web Exploitation
Wireless Attacks
binary-exploitation
binary-exploitation
Binary Case Studies
Buffer Overflow
Format Strings
Heap Overflow
Intro
Ret2libc
Rop
Srop
Use After Free
Advanced Techniques
Advanced Techniques
Post-Exploitation
Post-Exploitation
Container Escapes
Evasion And Obfuscation
Heap Spraying
Index
Kernel Exploits
Lateral Movement
Memory Corruption
Mitm Attacks
Persistence Techniques
Sandbox Escapes
privilege-escalation
privilege-escalation
Docker
Escalation Checklist
Kubernetes
Linux
Windows
Reporting & Writeups
Reporting & Writeups
Report Templates
Report Templates
Bounty Tips
Bug Bounty Case Studies
Bug Report Template
Communication Tips
Ctf Writeups
Disclosure Guidelines
reporting-and-writeups - Reporting & Writeups
Report Checklist
Writeup Examples
Learning Resources
Learning Resources
Cert Prep
Cert Prep
Blogs
Books
Certifications
Communities
Index
Labs And Platforms
Newsletters
Podcasts
Youtube Channels
Backend
Backend
Overview
Node.js
Node.js
Node.js Basics
Node.js Basics
Node.js
00_node-intro
00_node-intro
node_00 - Node.js HOME
node_01 - Node Introduction
node_02 - Getting Started with Node
node_03 - JavaScript Requirements
node_04 - Node.js vs Browser JavaScript
node_05 - Node.js Command Line
node_06 - The V8 Engine
node_07 - Node Architecture
node_08 - The Event Loop
01_async
01_async
async_01 - Async Concepts
async_02 - Promises
async_03 - Async/Await
async_04 - Error Handling
02_modules
02_modules
mod_01 - CommonJS Modules
mod_02 - ES Modules
mod_03 - NPM Essentials
mod_04 - package.json
mod_05 - npm Scripts
mod_06 - Managing Dependencies
mod_07 - Publishing Packages
03_core-modules
03_core-modules
Core 01 fs
Core 02 path
Core 03 os
Core 04 events
Core 05 buffers
Core 06 streams
Core 07 zlib
Core 08 net
Core 09 dns
Core 10 util
Core 11 url
04_web
04_web
HTTP Module - The Backbone of Node.js Web Servers
HTTPS Module - Wrapping HTTP in TLS
Manual Routing - No Framework , No Safety Net
Middleware Concepts - Function Stack That Processes Requests
Sessions and Cookies - State in a Stateless Protocol
Templating Engines - Server-Side Rendering
Serving Static Files - Assets Without Server Logic
Building RESTful APIs - Resources Over RPC
WebSockets - Full-Duplex Communication Over TCP
05_security
05_security
OWASP Top 10 in Node.js
Crypto Module
Input Validation and Sanitization
Authentication in Node
Helmet.js and Security Headers
Rate Limiting and DoS Protection
Dependency Security
Secure Configuration
Security Logging and Monitoring
06_testing
06_testing
Testing in Node - Why You Need It Not Just Want It
Testing with Jest - The Heavy Lifter
Mocking and Stubbing - Don't Touch the Network
Integration Testing - Real Dependencies , Real Confidence
Debugging Node.js - When console.log Is Not Enough
End-to-End Testing - Like a User , But Automated
07_performance
07_performance
Profiling and Optimization - Make It Fast , Not Just Correct
Clustering and Scaling - One Thread Is Never Enough
Load Testing - Break It Before Production Does
08_databases
08_databases
Database Connections
SQL Databases
NoSQL Databases
ORMs and Query Builders
Redis Deep Dive
Database Migrations
09_deployment
09_deployment
Environment Setup for Node.js Deployments
PM2 Process Manager
CI/CD Pipelines for Node.js
Reverse Proxy with Nginx
Monitoring and Logging
10_advanced
10_advanced
Child Processes
Worker Threads
C++ Addons (N-API)
Service Workers in Node Context
Building CLI Apps in Node
Advanced Stream Patterns
11_reference
11_reference
EventEmitter API Reference
Built-in Module Quick Reference
Resources and Next Steps
Express / Fastify
Express / Fastify
Express.js
Express.js
Express.js
express-core
express-core
Express HOME
Express Intro
Get Started
Routing
Middleware
Static Files
Error Handling
Templating
Form Data
Cookies
Sessions
Auth in Express
Security
Input Validation
Database Integration
REST API Patterns
Testing Express Apps
Deployment
Next.js
Next.js
Next.js
Next.js
Next.js
next-core
next-core
Next HOME
Next Intro
Next Get Started
Next Routing Deep Dive
Next Navigation
Next Rendering Strategies
Next Data Fetching
Next Server Actions
Next API Routes
Next Auth
Next Security Hardening
Next Middleware
Next Env & Config
Next Deployment
Next Performance & Optimization
NestJS
NestJS
NestJS
NestJS
NestJS
nest-core
nest-core
nest_00_home - NestJS HOME
nest_01_intro - Installation & First App
nest_02_get_started - App Bootstrap & CLI Deep Dive
nest_03_controllers - Controllers & Request Handling
nest_04_providers - Providers & Dependency Injection
nest_05_modules - Modules & Module Patterns
nest_06_middleware - Middleware
nest_07_guards - Guards & Authorization
nest_08_interceptors - Interceptors
nest_09_pipes - Pipes & Validation
nest_10_filters - Exception Filters
nest_11_auth - Authentication & Passport
nest_12_security - Security Best Practices
nest_13_database - Database Integration
nest_14_testing - Testing
nest_15_deploy - Deployment
Databases
Databases
DB Design
DB Design
Databases
00_general
00_general
Databases HOME
Database Migrations
DB Resources
01_postgres
01_postgres
PostgreSQL Intro
PostgreSQL CRUD Operations
Indexes & Performance
Advanced Postgres
Postgres Security
02_mongodb
02_mongodb
MongoDB Intro
MongoDB CRUD
MongoDB Indexing
MongoDB Security
03_redis
03_redis
Redis Intro
Redis Patterns
Redis Security
04_sqlite
04_sqlite
SQLite - The Database Everywhere
05_prisma
05_prisma
Prisma Intro
Advanced Prisma
DevOps
DevOps
DevOps Tools
DevOps Tools
DevOps
devops-core
devops-core
DevOps HOME
Docker Intro
Dockerfiles
Docker Compose
Container Security
CI/CD Intro
GitHub Actions
Environment Management
Secrets in Deployments
Scaling Backend Apps
Monitoring & Observability
Kubernetes Intro
Coming Next
Coming Next
Upcoming Topics
Upcoming Topics
Upcoming Topics
Upcoming Content
GraphQL
WebSockets
Microservices
Serverless
Message Queues
What's Next
langs
langs
Overview
Shell Scripting
Shell Scripting
Bash & Zsh
Bash & Zsh
Bash
Shell Scripting
PowerShell
Regex
Compiled Languages
Compiled Languages
C/C++/Rust
C/C++/Rust
C
C++
Go
Compiled Languages
Java
Kotlin
Rust
Web Languages
Web Languages
JS/TS/CSS
JS/TS/CSS
HTML & CSS
Web Languages
JavaScript
PHP
TypeScript
Data & Scripting
Data & Scripting
Python & SQL
Python & SQL
Data & Scripting
Python
SQL
Node.js
Node.js
Node.js
Node.js
nodejs - Node.js as a Language
Home
OffSec
Tools & Automation
Custom Tools
01_exploit
Exploitation Tools
¶