[ { "path": ".github/ISSUE_TEMPLATE/bug_report.md", "content": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: \"[BUG] \"\nlabels: bug\nassignees: ''\n\n---\n\n**Describe the bug**\nA clear and concise description of what the bug is.\n\n**To Reproduce**\nSteps to reproduce the behavior:\n1. Go to '...'\n2. Click on '....'\n3. Scroll down to '....'\n4. See error\n\n**Expected behavior**\nA clear and concise description of what you expected to happen.\n\n**Screenshots**\nIf applicable, add screenshots to help explain your problem.\n\n**Desktop (please complete the following information):**\n - OS: [e.g. iOS]\n - Browser [e.g. chrome, safari]\n - Version [e.g. 22]\n\n**Smartphone (please complete the following information):**\n - Device: [e.g. iPhone6]\n - OS: [e.g. iOS8.1]\n - Browser [e.g. stock browser, safari]\n - Version [e.g. 22]\n\n**Additional context**\nAdd any other context about the problem here.\n" }, { "path": ".github/ISSUE_TEMPLATE/content-feature-request.md", "content": "---\nname: Content Feature request\nabout: Suggest an idea for this project\ntitle: \"[CONTENT] \"\nlabels: 'content request'\nassignees: ''\n\n---\n\n**Is your content request driven by a specific need or issue? Please elaborate.**\nA clear and concise explanation of the issue or need prompting your request. For example, \"I often find it challenging when...\"\n\n**What specific content are you hoping to see added?**\nDescribe clearly and precisely what content you would like to see included.\n\n**Additional context**\nAdd any other context or screenshots about the feature request here.\n" }, { "path": ".github/ISSUE_TEMPLATE/feature_request.md", "content": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: \"[FEATURE] \"\nlabels: 'feature request'\nassignees: ''\n\n---\n\n**Is your feature request related to a problem? Please describe.**\nA clear and concise description of what the problem is. Ex. I'm always frustrated when [...]\n\n**Describe the solution you'd like**\nA clear and concise description of what you want to happen.\n\n**Describe alternatives you've considered**\nA clear and concise description of any alternative solutions or features you've considered.\n\n**Additional context**\nAdd any other context or screenshots about the feature request here.\n" }, { "path": ".gitignore", "content": ".DS_Store\n.jekyll-cache/\n.jekyll-metadata\n.sass-cache/\nGemfile.lock\n_site/\nvendor/\n" }, { "path": "404.html", "content": "---\nlayout: default\n---\n\n
\n
\n

404

\n\n

Page not found :(

\n

The requested page could not be found.

\n
\n
\n" }, { "path": "CNAME", "content": "www.hacker101.com" }, { "path": "Gemfile", "content": "source \"https://rubygems.org\"\n\ngem \"github-pages\", group: :jekyll_plugins\n\ngem \"webrick\", \"~> 1.8\"\n" }, { "path": "LICENSE", "content": "Copyright © 2020 HackerOne Inc.\nThis work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License:\n\nAttribution-NonCommercial-ShareAlike 4.0 International\n\n=======================================================================\n\nCreative Commons Corporation (\"Creative Commons\") is not a law firm and\ndoes not provide legal services or legal advice. Distribution of\nCreative Commons public licenses does not create a lawyer-client or\nother relationship. Creative Commons makes its licenses and related\ninformation available on an \"as-is\" basis. Creative Commons gives no\nwarranties regarding its licenses, any material licensed under their\nterms and conditions, or any related information. Creative Commons\ndisclaims all liability for damages resulting from their use to the\nfullest extent possible.\n\nUsing Creative Commons Public Licenses\n\nCreative Commons public licenses provide a standard set of terms and\nconditions that creators and other rights holders may use to share\noriginal works of authorship and other material subject to copyright\nand certain other rights specified in the public license below. The\nfollowing considerations are for informational purposes only, are not\nexhaustive, and do not form part of our licenses.\n\n Considerations for licensors: Our public licenses are\n intended for use by those authorized to give the public\n permission to use material in ways otherwise restricted by\n copyright and certain other rights. Our licenses are\n irrevocable. Licensors should read and understand the terms\n and conditions of the license they choose before applying it.\n Licensors should also secure all rights necessary before\n applying our licenses so that the public can reuse the\n material as expected. Licensors should clearly mark any\n material not subject to the license. This includes other CC-\n licensed material, or material used under an exception or\n limitation to copyright. More considerations for licensors:\n\twiki.creativecommons.org/Considerations_for_licensors\n\n Considerations for the public: By using one of our public\n licenses, a licensor grants the public permission to use the\n licensed material under specified terms and conditions. If\n the licensor's permission is not necessary for any reason--for\n example, because of any applicable exception or limitation to\n copyright--then that use is not regulated by the license. Our\n licenses grant only permissions under copyright and certain\n other rights that a licensor has authority to grant. Use of\n the licensed material may still be restricted for other\n reasons, including because others have copyright or other\n rights in the material. A licensor may make special requests,\n such as asking that all changes be marked or described.\n Although not required by our licenses, you are encouraged to\n respect those requests where reasonable. More_considerations\n for the public: \n\twiki.creativecommons.org/Considerations_for_licensees\n\n=======================================================================\n\nCreative Commons Attribution-NonCommercial-ShareAlike 4.0 International\nPublic License\n\nBy exercising the Licensed Rights (defined below), You accept and agree\nto be bound by the terms and conditions of this Creative Commons\nAttribution-NonCommercial-ShareAlike 4.0 International Public License\n(\"Public License\"). To the extent this Public License may be\ninterpreted as a contract, You are granted the Licensed Rights in\nconsideration of Your acceptance of these terms and conditions, and the\nLicensor grants You such rights in consideration of benefits the\nLicensor receives from making the Licensed Material available under\nthese terms and conditions.\n\n\nSection 1 -- Definitions.\n\n a. Adapted Material means material subject to Copyright and Similar\n Rights that is derived from or based upon the Licensed Material\n and in which the Licensed Material is translated, altered,\n arranged, transformed, or otherwise modified in a manner requiring\n permission under the Copyright and Similar Rights held by the\n Licensor. For purposes of this Public License, where the Licensed\n Material is a musical work, performance, or sound recording,\n Adapted Material is always produced where the Licensed Material is\n synched in timed relation with a moving image.\n\n b. Adapter's License means the license You apply to Your Copyright\n and Similar Rights in Your contributions to Adapted Material in\n accordance with the terms and conditions of this Public License.\n\n c. BY-NC-SA Compatible License means a license listed at\n creativecommons.org/compatiblelicenses, approved by Creative\n Commons as essentially the equivalent of this Public License.\n\n d. Copyright and Similar Rights means copyright and/or similar rights\n closely related to copyright including, without limitation,\n performance, broadcast, sound recording, and Sui Generis Database\n Rights, without regard to how the rights are labeled or\n categorized. For purposes of this Public License, the rights\n specified in Section 2(b)(1)-(2) are not Copyright and Similar\n Rights.\n\n e. Effective Technological Measures means those measures that, in the\n absence of proper authority, may not be circumvented under laws\n fulfilling obligations under Article 11 of the WIPO Copyright\n Treaty adopted on December 20, 1996, and/or similar international\n agreements.\n\n f. Exceptions and Limitations means fair use, fair dealing, and/or\n any other exception or limitation to Copyright and Similar Rights\n that applies to Your use of the Licensed Material.\n\n g. License Elements means the license attributes listed in the name\n of a Creative Commons Public License. The License Elements of this\n Public License are Attribution, NonCommercial, and ShareAlike.\n\n h. Licensed Material means the artistic or literary work, database,\n or other material to which the Licensor applied this Public\n License.\n\n i. Licensed Rights means the rights granted to You subject to the\n terms and conditions of this Public License, which are limited to\n all Copyright and Similar Rights that apply to Your use of the\n Licensed Material and that the Licensor has authority to license.\n\n j. Licensor means the individual(s) or entity(ies) granting rights\n under this Public License.\n\n k. NonCommercial means not primarily intended for or directed towards\n commercial advantage or monetary compensation. For purposes of\n this Public License, the exchange of the Licensed Material for\n other material subject to Copyright and Similar Rights by digital\n file-sharing or similar means is NonCommercial provided there is\n no payment of monetary compensation in connection with the\n exchange.\n\n l. Share means to provide material to the public by any means or\n process that requires permission under the Licensed Rights, such\n as reproduction, public display, public performance, distribution,\n dissemination, communication, or importation, and to make material\n available to the public including in ways that members of the\n public may access the material from a place and at a time\n individually chosen by them.\n\n m. Sui Generis Database Rights means rights other than copyright\n resulting from Directive 96/9/EC of the European Parliament and of\n the Council of 11 March 1996 on the legal protection of databases,\n as amended and/or succeeded, as well as other essentially\n equivalent rights anywhere in the world.\n\n n. You means the individual or entity exercising the Licensed Rights\n under this Public License. Your has a corresponding meaning.\n\n\nSection 2 -- Scope.\n\n a. License grant.\n\n 1. Subject to the terms and conditions of this Public License,\n the Licensor hereby grants You a worldwide, royalty-free,\n non-sublicensable, non-exclusive, irrevocable license to\n exercise the Licensed Rights in the Licensed Material to:\n\n a. reproduce and Share the Licensed Material, in whole or\n in part, for NonCommercial purposes only; and\n\n b. produce, reproduce, and Share Adapted Material for\n NonCommercial purposes only.\n\n 2. Exceptions and Limitations. For the avoidance of doubt, where\n Exceptions and Limitations apply to Your use, this Public\n License does not apply, and You do not need to comply with\n its terms and conditions.\n\n 3. Term. The term of this Public License is specified in Section\n 6(a).\n\n 4. Media and formats; technical modifications allowed. The\n Licensor authorizes You to exercise the Licensed Rights in\n all media and formats whether now known or hereafter created,\n and to make technical modifications necessary to do so. The\n Licensor waives and/or agrees not to assert any right or\n authority to forbid You from making technical modifications\n necessary to exercise the Licensed Rights, including\n technical modifications necessary to circumvent Effective\n Technological Measures. For purposes of this Public License,\n simply making modifications authorized by this Section 2(a)\n (4) never produces Adapted Material.\n\n 5. Downstream recipients.\n\n a. Offer from the Licensor -- Licensed Material. Every\n recipient of the Licensed Material automatically\n receives an offer from the Licensor to exercise the\n Licensed Rights under the terms and conditions of this\n Public License.\n\n b. Additional offer from the Licensor -- Adapted Material.\n Every recipient of Adapted Material from You\n automatically receives an offer from the Licensor to\n exercise the Licensed Rights in the Adapted Material\n under the conditions of the Adapter's License You apply.\n\n c. No downstream restrictions. You may not offer or impose\n any additional or different terms or conditions on, or\n apply any Effective Technological Measures to, the\n Licensed Material if doing so restricts exercise of the\n Licensed Rights by any recipient of the Licensed\n Material.\n\n 6. No endorsement. Nothing in this Public License constitutes or\n may be construed as permission to assert or imply that You\n are, or that Your use of the Licensed Material is, connected\n with, or sponsored, endorsed, or granted official status by,\n the Licensor or others designated to receive attribution as\n provided in Section 3(a)(1)(A)(i).\n\n b. Other rights.\n\n 1. Moral rights, such as the right of integrity, are not\n licensed under this Public License, nor are publicity,\n privacy, and/or other similar personality rights; however, to\n the extent possible, the Licensor waives and/or agrees not to\n assert any such rights held by the Licensor to the limited\n extent necessary to allow You to exercise the Licensed\n Rights, but not otherwise.\n\n 2. Patent and trademark rights are not licensed under this\n Public License.\n\n 3. To the extent possible, the Licensor waives any right to\n collect royalties from You for the exercise of the Licensed\n Rights, whether directly or through a collecting society\n under any voluntary or waivable statutory or compulsory\n licensing scheme. In all other cases the Licensor expressly\n reserves any right to collect such royalties, including when\n the Licensed Material is used other than for NonCommercial\n purposes.\n\n\nSection 3 -- License Conditions.\n\nYour exercise of the Licensed Rights is expressly made subject to the\nfollowing conditions.\n\n a. Attribution.\n\n 1. If You Share the Licensed Material (including in modified\n form), You must:\n\n a. retain the following if it is supplied by the Licensor\n with the Licensed Material:\n\n i. identification of the creator(s) of the Licensed\n Material and any others designated to receive\n attribution, in any reasonable manner requested by\n the Licensor (including by pseudonym if\n designated);\n\n ii. a copyright notice;\n\n iii. a notice that refers to this Public License;\n\n iv. a notice that refers to the disclaimer of\n warranties;\n\n v. a URI or hyperlink to the Licensed Material to the\n extent reasonably practicable;\n\n b. indicate if You modified the Licensed Material and\n retain an indication of any previous modifications; and\n\n c. indicate the Licensed Material is licensed under this\n Public License, and include the text of, or the URI or\n hyperlink to, this Public License.\n\n 2. You may satisfy the conditions in Section 3(a)(1) in any\n reasonable manner based on the medium, means, and context in\n which You Share the Licensed Material. For example, it may be\n reasonable to satisfy the conditions by providing a URI or\n hyperlink to a resource that includes the required\n information.\n 3. If requested by the Licensor, You must remove any of the\n information required by Section 3(a)(1)(A) to the extent\n reasonably practicable.\n\n b. ShareAlike.\n\n In addition to the conditions in Section 3(a), if You Share\n Adapted Material You produce, the following conditions also apply.\n\n 1. The Adapter's License You apply must be a Creative Commons\n license with the same License Elements, this version or\n later, or a BY-NC-SA Compatible License.\n\n 2. You must include the text of, or the URI or hyperlink to, the\n Adapter's License You apply. You may satisfy this condition\n in any reasonable manner based on the medium, means, and\n context in which You Share Adapted Material.\n\n 3. You may not offer or impose any additional or different terms\n or conditions on, or apply any Effective Technological\n Measures to, Adapted Material that restrict exercise of the\n rights granted under the Adapter's License You apply.\n\n\nSection 4 -- Sui Generis Database Rights.\n\nWhere the Licensed Rights include Sui Generis Database Rights that\napply to Your use of the Licensed Material:\n\n a. for the avoidance of doubt, Section 2(a)(1) grants You the right\n to extract, reuse, reproduce, and Share all or a substantial\n portion of the contents of the database for NonCommercial purposes\n only;\n\n b. if You include all or a substantial portion of the database\n contents in a database in which You have Sui Generis Database\n Rights, then the database in which You have Sui Generis Database\n Rights (but not its individual contents) is Adapted Material,\n including for purposes of Section 3(b); and\n\n c. You must comply with the conditions in Section 3(a) if You Share\n all or a substantial portion of the contents of the database.\n\nFor the avoidance of doubt, this Section 4 supplements and does not\nreplace Your obligations under this Public License where the Licensed\nRights include other Copyright and Similar Rights.\n\n\nSection 5 -- Disclaimer of Warranties and Limitation of Liability.\n\n a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE\n EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS\n AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF\n ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,\n IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,\n WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR\n PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,\n ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT\n KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT\n ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.\n\n b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE\n TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,\n NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,\n INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,\n COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR\n USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN\n ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR\n DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR\n IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.\n\n c. The disclaimer of warranties and limitation of liability provided\n above shall be interpreted in a manner that, to the extent\n possible, most closely approximates an absolute disclaimer and\n waiver of all liability.\n\n\nSection 6 -- Term and Termination.\n\n a. This Public License applies for the term of the Copyright and\n Similar Rights licensed here. However, if You fail to comply with\n this Public License, then Your rights under this Public License\n terminate automatically.\n\n b. Where Your right to use the Licensed Material has terminated under\n Section 6(a), it reinstates:\n\n 1. automatically as of the date the violation is cured, provided\n it is cured within 30 days of Your discovery of the\n violation; or\n\n 2. upon express reinstatement by the Licensor.\n\n For the avoidance of doubt, this Section 6(b) does not affect any\n right the Licensor may have to seek remedies for Your violations\n of this Public License.\n\n c. For the avoidance of doubt, the Licensor may also offer the\n Licensed Material under separate terms or conditions or stop\n distributing the Licensed Material at any time; however, doing so\n will not terminate this Public License.\n\n d. Sections 1, 5, 6, 7, and 8 survive termination of this Public\n License.\n\n\nSection 7 -- Other Terms and Conditions.\n\n a. The Licensor shall not be bound by any additional or different\n terms or conditions communicated by You unless expressly agreed.\n\n b. Any arrangements, understandings, or agreements regarding the\n Licensed Material not stated herein are separate from and\n independent of the terms and conditions of this Public License.\n\n\nSection 8 -- Interpretation.\n\n a. For the avoidance of doubt, this Public License does not, and\n shall not be interpreted to, reduce, limit, restrict, or impose\n conditions on any use of the Licensed Material that could lawfully\n be made without permission under this Public License.\n\n b. To the extent possible, if any provision of this Public License is\n deemed unenforceable, it shall be automatically reformed to the\n minimum extent necessary to make it enforceable. If the provision\n cannot be reformed, it shall be severed from this Public License\n without affecting the enforceability of the remaining terms and\n conditions.\n\n c. No term or condition of this Public License will be waived and no\n failure to comply consented to unless expressly agreed to by the\n Licensor.\n\n d. Nothing in this Public License constitutes or may be interpreted\n as a limitation upon, or waiver of, any privileges and immunities\n that apply to the Licensor or You, including from the legal\n processes of any jurisdiction or authority.\n\n=======================================================================\n\nCreative Commons is not a party to its public\nlicenses. Notwithstanding, Creative Commons may elect to apply one of\nits public licenses to material it publishes and in those instances\nwill be considered the “Licensor.” The text of the Creative Commons\npublic licenses is dedicated to the public domain under the CC0 Public\nDomain Dedication. Except for the limited purpose of indicating that\nmaterial is shared under a Creative Commons public license or as\notherwise permitted by the Creative Commons policies published at\ncreativecommons.org/policies, Creative Commons does not authorize the\nuse of the trademark \"Creative Commons\" or any other trademark or logo\nof Creative Commons without its prior written consent including,\nwithout limitation, in connection with any unauthorized modifications\nto any of its public licenses or any other arrangements,\nunderstandings, or agreements concerning use of licensed material. For\nthe avoidance of doubt, this paragraph does not form part of the\npublic licenses.\n\nCreative Commons may be contacted at creativecommons.org.\n" }, { "path": "README.md", "content": "# Hacker101\n\n[Hacker101](https://www.hacker101.com/) is a free class for web security.\nWhether you're a programmer with an interest in bug bounties or a seasoned\nsecurity professional, Hacker101 has something to teach you.\n\n## Getting Started\n\n### Prerequisites\n\n- Ruby\n - Suggestion: use [`rbenv`](https://github.com/rbenv/rbenv)\n- `bundler`\n - Run `gem install bundler`, if needed\n\n### Installing\n\nClone this repo:\n\n```\ngit clone https://github.com/Hacker0x01/hacker101.git\n```\n\nIn the project directory, run:\n\n```\nbundle install\n```\n\nBuild the site and spin up the server:\n\n```\nbundle exec jekyll serve\n```\n\nBrowse to [http://localhost:4000](http://localhost:4000)\n\n\n## Contributing\n\nIssues and pull requests are welcome on [GitHub](\nhttps://github.com/Hacker0x01/hacker101)!\n" }, { "path": "_config.yml", "content": "title: Hacker101\nemail: support@hackerone.com\ndescription: >-\n Hacker101 is a free class for web security. Whether you're a programmer with\n an interest in bug bounties or a seasoned security professional, Hacker101\n has something to teach you.\nauthor:\n name: HackerOne\n twitter: Hacker0x01\ngoogle_analytics: UA-49905813-8\nmarkdown: kramdown\nurl: https://www.hacker101.com\ntwitter:\n username: Hacker0x01\nfacebook:\n app_id: 345444188982280\ngithub:\n username: Hacker0x01\nsocial:\n links:\n - https://twitter.com/Hacker0x01\n - https://www.facebook.com/Hacker0x01\n - https://www.linkedin.com/company/hackerone\n - https://github.com/Hacker0x01\n\nplugins:\n - jekyll-redirect-from\n - jekyll-seo-tag\n - jekyll-sitemap\n\n# A list of the pages to display in the navigation bar\nheader_pages:\n\ncollections:\n resources:\n\nexclude:\n [\n .bundle,\n .gitignore,\n CNAME,\n Gemfile,\n Gemfile.lock,\n LICENSE,\n node_modules,\n README.md,\n update_bootstrap.sh,\n vendor,\n ]\n\n\n" }, { "path": "_includes/footer.html", "content": "\n" }, { "path": "_includes/head.html", "content": "\n \n \n \n \n {%- seo -%}\n \n \n \n \n \n \n \n\n" }, { "path": "_includes/header.html", "content": "
\n \n
\n" }, { "path": "_includes/resources_sidebar.html", "content": "\n" }, { "path": "_layouts/default.html", "content": "\n\n\n {%- include head.html -%}\n\n \n\n {%- include header.html -%}\n\n
\n {{ content }}\n
\n\n {%- include footer.html -%}\n\n \n \n \n \n\n" }, { "path": "_layouts/home.html", "content": "---\nlayout: default\n---\n\n
\n\n {%- if page.title -%}\n
\n

{{ page.title }}

\n
\n {%- endif -%}\n\n
\n {{ content }}\n
\n\n {%- if site.posts.size > 0 -%}\n

{{ page.list_title | default: \"Posts\" }}

\n \n\n

subscribe via RSS

\n {%- endif -%}\n\n
\n" }, { "path": "_layouts/page.html", "content": "---\nlayout: default\n---\n\n
\n
\n
\n
\n {%- if page.title -%}\n
\n
\n

{{ page.title | escape }}

\n {{ page.subtitle | escape }}\n
\n
\n {%- endif -%}\n\n
\n {{ content }}\n
\n\n {% if page.video_src %}\n

Video

\n
\n {% if page.video_src contains \"?\" %}\n {% assign symbol = \"&\" %}\n {% else %}\n {% assign symbol = \"?\" %}\n {% endif %}\n \n
\n {% endif %}\n {% if page.previous_url or page.next_url %}\n
\n {% if page.cta_description %}\n
\n {{ page.cta_description }}\n
\n {% endif %}\n {% if page.previous_url %}\n \n {{ page.previous_text | default: \"Previous video\" }}\n \n {% endif %}\n {% if page.next_url %}\n \n {{ page.next_text | default: \"Next video\" }}\n \n {% endif %}\n {% endif %}\n
\n
\n {% if page.sidebar %}\n
\n
\n {% for section in page.sidebar %}\n {% if section.title %}\n
{{ section.title }}
\n {% endif %}\n {% if section.subtitle %}\n
{{ section.subtitle }}
\n {% endif %}\n {% if section.links %}\n
    \n {% for link in section.links %}\n
  • \n {{ link.text }}\n {% if link.updated %}\n Updated!\n {% endif %}\n
    • \n {% endfor %}\n
\n {% endif %}\n {% if section.resources %}\n {% include resources_sidebar.html %}\n {% endif %}\n {% endfor %}\n
\n
\n {% endif %}\n
\n
\n" }, { "path": "_layouts/post.html", "content": "---\nlayout: default\n---\n
\n\n
\n

{{ page.title | escape }}

\n

\n \n {%- if page.author -%}\n • {{ page.author }}\n {%- endif -%}\n

\n
\n\n
\n {{ content }}\n
\n\n
\n" }, { "path": "_resources/00_what_is_hacker101.md", "content": "---\ntitle: What is Hacker101?\n---\n\nHacker101 is a free educational resource developed by [HackerOne](https://www.hackerone.com/) to grow and empower the hacker community at large. We have video lessons and curated resources to help you learn the concepts of hacking and a Capture the Flag where you can turn that theory into practice.\n" }, { "path": "_resources/01_what_is_hacker101_ctf.md", "content": "---\ntitle: What is the Hacker101 CTF?\n---\n\nThe Hacker101 CTF -- or Capture the Flag -- is a game where you hack through levels to find bits of data called flags. These flags mark your progress and allow you to receive invitations to private programs on [HackerOne](https://www.hackerone.com/), where you can use your newly-learned skills.\n" }, { "path": "_resources/02_how_do_i_start.md", "content": "---\ntitle: I'm new to all of this; how do I get started?\n---\n\nCongratulations on taking the first step to becoming a hacker! We recommend starting with our [Hacker101 for Newcomers](/playlists/newcomers) and [Burp Suite](/playlists/burp_suite) playlists. Once you've completed that, start working through the Hacker101 CTF and watching the other [video lessons](/videos) as you need them. While there are no prerequisites for Hacker101, strictly speaking, there are things you can learn to accelerate your hacking education. Note that you don't need to know all of this -- or any -- to get started. Here's a curated list of resources:\n\n* Programming\n * [JavaScript](https://javascript.info/): This is the language used on the majority of web pages. Understanding it is useful for bug hunting because many bugs actually stem from JS code.\n * [Python](https://docs.python.org/3/tutorial/): Commonly used for automating various activities during testing, as well as being useful for general programming.\n * [SQL](https://sqlbolt.com/): Used by most applications for accessing and manipulating data. Knowledge of SQL will help in discovering and exploiting critical SQL Injection vulnerabilities.\n\n* Networking\n * [Terminology guide](https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols): You'll hear many terms from IP address to port to DNS. This guide will help you understand that.\n * [Common Port Numbers](https://www.utilizewindows.com/list-of-common-network-port-numbers/): A useful list of common port numbers and the associated services.\n\n* Linux\n * [Setting up your own web server](https://www.linux.com/training-tutorials/easy-lamp-server-installation): While not security-related in itself, this will teach you many of the commands and concepts you need to know to become a great hacker.\n * [Setting up Kali Linux on Virtualbox](https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox): Kali is a hacking-oriented Linux distribution, used by many bug hunters. This guide will help you set it up in a virtual machine.\n * [Command Line Guide](https://lifehacker.com/a-command-line-primer-for-beginners-5633909?IR=T): You'll end up using many command-line tools as a hacker, so a familiarity with its structure and use is valuable.\n" }, { "path": "_resources/03_how_do_i_do_bug_bounties.md", "content": "---\ntitle: I've been hacking for a while now; how do I get into bug bounties?\n---\n\nWe recommend signing up for a HackerOne account and checking out our extensive programs. Additionally, you can earn invitations to private programs on HackerOne via the Hacker101 CTF. This gets you into programs with fewer hackers, often making it easier to find interesting and impactful bugs.\n" }, { "path": "_resources/04_programming_languages.md", "content": "---\ntitle: Programming languages\n---\n\nProgramming is an important part of being a successful hacker. This isn't a comprehensive list of programming languages and nearly any can be used for most hacking tasks, especially on the web, but rather a list of languages we find especially useful or notable.\n\n* Python and Ruby: Useful for automation and quick testing and analysis, particularly for web hacking.\n* JavaScript: Can be used for the same tasks as Python and Ruby (albeit with fewer relevant libraries), but mostly useful to know for analysis of code on the web, as well as exploitation.\n* Objective-C and Swift: The ability to read these will be essential if you plan to do source code review of iOS applications.\n* Java and Kotlin: The ability to read these will be essential if you plan to do source code review of Android applications. Java is produced by decompilers for Android applications, which allows you to read code (roughly) equivalent to the original source, even when you only have a compiled application.\n* AArch64 assembly: For advanced embedded and mobile hacking, understanding the very lowest level of abstraction is essential.\n" }, { "path": "_resources/05_web_hacking_tools.md", "content": "---\ntitle: Web hacking tools\n---\n\nThis is a curated list of web hacking tools and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n* [Altdns](https://github.com/infosec-au/altdns): Altdns is a DNS recon tool that allows for the discovery of subdomains that conform to patterns. Altdns takes in words that could be present in subdomains under a domain (such as test, dev, staging), as well as a list of known subdomains.\n* [Amass](https://github.com/OWASP/Amass): The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.\n* [Aquatone](https://github.com/michenriksen/aquatone): Aquatone is a tool for visual inspection of websites across a large number of hosts, which provides a convenient overview of HTTP-based attack surface.\n* [BBHT](https://github.com/nahamsec/bbht): Bug Bounty Hunting Tools is a script to install the most popular tools used while looking for vulnerabilities for a bug bounty program.\n* [Burp Suite](https://portswigger.net/burp): This is the most popular proxy in web hacking circles due to its cross-platform nature and extensive featureset. See [our playlist](/playlists/burp_suite) to make the most of it. Also see our \"Burp Suite Plugins\" list for useful plugins to use.\n* [chaos](https://chaos.projectdiscovery.io): Chaos actively scans and maintains internet-wide assets' data. This project is meant to enhance research and analyze changes around DNS for better insights.\n* [Commit-stream](https://github.com/x1sec/commit-stream): Commit-stream extracts commit logs from the Github event API,  exposing the author details (name and email address) associated with Github repositories in real time.\n* [Dirb](https://github.com/v0re/dirb): DIRB is a web content scanner. It launches a dictionary based attack against a web server and analyzes the response.\n* [Dirsearch](https://github.com/maurosoria/dirsearch): a simple command line tool designed to brute force directories and files in websites.\n* [Dngrep](https://github.com/erbbysam/DNSGrep): A utility for quickly searching presorted DNS names. Built around the Rapid7 rdns & fdns dataset.\n* [Dnscan](https://github.com/rbsec/dnscan): dnscan is a python wordlist-based DNS subdomain scanner\n* [Dnsgen](https://github.com/ProjectAnte/dnsgen): This tool generates a combination of domain names from the provided input. Combinations are created based on wordlist. Custom words are extracted per execution.\n* [Dnsprobe](https://github.com/projectdiscovery/dnsprobe): DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.\n* [EyeWitnees](https://github.com/FortyNorthSecurity/EyeWitness): EyeWitness is designed to take screenshots of websites, provide some server header info, and identify any default credentials. EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The --timeout flag is completely optional, and lets you provide the max time to wait when trying to render and screenshot a web page.\n* [Ffuf](https://github.com/ffuf/ffuf): A fast web fuzzer written in Go.\n* [Findomain](https://github.com/Findomain/Findomain): Findomain offers a dedicated monitoring service hosted in Amazon (only the local version is free), that allows you to monitor your target domains and send alerts to Discord and Slack webhooks or Telegram chats when new subdomains are found.\n* [Gau](https://github.com/lc/gau): getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain. Inspired by Tomnomnom's waybackurls.\n* [gitGraber](https://github.com/hisxo/gitGraber): gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services.\n* [Httprobe](https://github.com/tomnomnom/httprobe): Takes a list of domains and probes for working http and https servers.\n* [Jok3r](https://hub.docker.com/r/koutto/jok3r/): Jok3r is a framework that helps penetration testers with network infrastructure and web security assessments. Its goal is to automate as much as possible in order to quickly identify and exploit \"low-hanging fruit\" and \"quick win\" vulnerabilities on most common TCP/UDP services and most common web technologies (servers, CMS, languages...).\n* [JSParser](https://github.com/nahamsec/JSParser): A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. This is especially useful for discovering AJAX requests when performing security research or bug bounty hunting.\n* [Knockpy](https://github.com/guelfoweb/knock): Knockpy is a python tool designed to enumerate subdomains on a target domain through a word list. It is designed to scan for a DNS zone transfer and bypass the wildcard DNS record automatically, if it is enabled. Knockpy now supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file.\n* [lazyrecon](https://github.com/nahamsec/lazyrecon): This is an assembled collection of tools for performing recon.\n* [lazys3](https://github.com/nahamsec/lazys3): A Ruby script to brute-force for AWS s3 buckets using different permutations.\n* [Masscan](https://github.com/robertdavidgraham/masscan): This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, all from a single machine.\n* [Massdns](https://github.com/blechschmidt/massdns): MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers.\n* [Meg](https://github.com/tomnomnom/meg): Meg is a tool for fetching lots of URLs without taking a toll on the servers. It can be used to fetch many paths for many hosts, or fetching a single path for all hosts before moving on to the next path and repeating.\n* [mitmproxy](https://mitmproxy.org/): This is an open-source proxy written in Python. Not recommended for beginners, but this can be a powerful tool.\n* [Naabu](https://github.com/projectdiscovery/naabu): naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN scans on the host/list of hosts and lists all ports that return a reply.\n* [Nikto2](https://cirt.net/Nikto2): Like DirBuster, but also does some basic checks for known vulnerabilities.\n* [Nuclei](https://github.com/projectdiscovery/nuclei): Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.\n* [OWASP Zed](https://www.zaproxy.org/): OWASP Zed Attack Proxy (ZAP) is an open source tool which is offered by OWASP (Open Web Application Security Project), for penetration testing of your website/web application. It helps you find the security vulnerabilities in your application.\n* [Recon_profile](https://github.com/nahamsec/recon_profile): This tool is to help create easy aliases to run via an SSH/terminal. \n* [Recon-ng](https://github.com/lanmaster53/recon-ng): Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source, web-based reconnaissance quickly and thoroughly.\n* [Shhgit](https://github.com/eth0izzle/shhgit): Shhgit finds secrets and sensitive files across GitHub code and Gists committed in nearly real-time by listening to the GitHub Events API.\n* [Shuffledns](https://github.com/projectdiscovery/shuffledns): shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce, as well as resolve subdomains with wildcard handling and easy input-output support.\n* [sqlmap](https://sqlmap.org/): This allows for easy discovery and exploitation of SQL injection vulnerabilities. It **will not** catch every bug or even be able to exploit some known SQLi bugs. What it will do is make your life much easier in the 80% of cases it will work for.\n* [SSL Labs Server Test](https://www.ssllabs.com/ssltest/): This is an easy to use webapp for testing the SSL configuration of web servers.\n* [Subfinder](https://github.com/projectdiscovery/subfinder): subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.\n* [Subjack](https://github.com/haccer/subjack): Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives.\n* [Sublert](https://github.com/yassineaboukir/sublert): Sublert is a security and reconnaissance tool that was written in Python to leverage certificate transparency for the sole purpose of monitoring new subdomains deployed by specific organizations and an issued TLS/SSL certificate. The tool is supposed to be scheduled to run periodically at fixed times, dates, or intervals (Ideally each day). New identified subdomains will be sent to Slack workspace with a notification push. Furthermore, the tool performs DNS resolution to determine working subdomains.\n* [Sublist3r](https://github.com/aboul3la/Sublist3r): Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.\n* [Teh_s3_bucketeers](https://github.com/tomdev/teh_s3_bucketeers): Teh_s3_bucketeers is a security tool to discover S3 buckets on Amazon's AWS platform.\n* [Unfurl](https://github.com/JLospinoso/unfurl): Unfurl is a tool that analyzes large collections of URLs and estimates their entropies to sift out URLs that might be vulnerable to attack.\n* [Virtual-host-discovery](https://github.com/jobertabma/virtual-host-discovery): This is a basic HTTP scanner that enumerates virtual hosts on a given IP address. During recon, this might help expand the target by detecting old or deprecated code. It may also reveal hidden hosts that are statically mapped in the developer's /etc/hosts file.\n* [Waybackurls](https://github.com/tomnomnom/waybackurls): Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for \\*.domain and output them on stdout.\n* [Webscreenshot](https://github.com/maaaaz/webscreenshot): A simple script to screenshot a list of websites, based on the url-to-image PhantomJS script.\n* [Wfuzz](https://github.com/xmendez/wfuzz): Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.\n* [Whatweb](https://github.com/urbanadventurer/WhatWeb): WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.\n* [Wpscan](https://github.com/wpscanteam/wpscan): WPScan is a free (for non-commercial use) black box WordPress security scanner written for security professionals and bloggers to test the security of their sites.\n* [nmmapper](https://www.nmmapper.com/sys/tools/subdomainfinder/): A Collection of 8 subdomain finders hosted online for quick usage, this include, sublist3r, amass, findomain,knocky,anubis subdomain finder, dnscan, nmap subrute,lepu subdomain and even waybackurl.\n" }, { "path": "_resources/06_burp_suite_plugins.md", "content": "---\ntitle: Burp Suite plugins\n---\n\n[Burp Suite](https://portswigger.net/burp): The quintessential web app hacking tool. Once you hit 500 reputation on HackerOne, you are eligible for a free 3-month license of Burp Suite Pro!\n\nThis is a curated list of Burp plugins and is not intended to be comprehensive; rather, we want to highlight the plugins we find especially useful.\n\n* [ActiveScan++](https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976): ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behavior that may be of interest to advanced testers.\n* [Autorepeater Burp](https://github.com/nccgroup/AutoRepeater): Automated HTTP request repeating with Burp Suite.\n* [Autorize Burp](https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f): Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities —one of the more time-consuming tasks in a web application penetration test.\n* [BurpSentinel](https://github.com/dobin/BurpSentinel): With BurpSentinel it is possible for the penetration tester to quickly and easily send a lot of malicious requests to parameters of a HTTP request. Not only that, but it also shows a lot of information of the HTTP responses, corresponding to the attack requests. It's easy to find low-hanging fruit and hidden vulnerabilities like this, and it also allows the tester to focus on more important stuff!\n* [Flow](https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d): This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools.\n* [Headless Burp](https://portswigger.net/bappstore/d54b11f7af3c4dfeb6b81fb5db72e381): This extension allows you to run Burp Suite's Spider and Scanner tools in headless mode via the command-line.\n* [Logger++](https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81): Logger++ is a multi-threaded logging extension for Burp Suite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.\n* [WSDL Wizard](https://portswigger.net/bappstore/ef2f3f1a593d417987bb2ddded760aee): This extension scans a target server for WSDL files. After performing normal mapping of an application's content, right click on the relevant target in the site map, and choose \"Scan for WSDL files\" from the context menu. The extension will search the already discovered contents for URLs with the .wsdl file extension, and guess the locations of any additional WSDL files based on the file names known to be in use. The results of the scanning appear within the extension's output tab in the Burp Extender tool.\n" }, { "path": "_resources/07_mobile_hacking_tools.md", "content": "---\ntitle: Mobile hacking tools\n---\n\nThis is a curated list of mobile hacking tools and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n* [dex2jar](https://github.com/pxb1988/dex2jar): Converts dex code (Android bytecode) into Java JAR files for manipulation or decompilation.\n* [dotPeek](https://www.jetbrains.com/decompiler/): A .NET decompiler, for use with Xamarin Android applications.\n* [Frida \"Universal\" SSL Unpinner](https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725): Universal unpinner.\n* [Frida](https://frida.re/): This is an instrumentation system allowing injection of JavaScript or native libraries into arbitrary mobile applications on iOS and Android. In essence, it makes it painless to change, enhance, or disable functionality in applications.\n* [Genymotion](https://www.genymotion.com/): Cross-platform Android emulator for developers & QA engineers. Develop & automate your tests to deliver best quality apps.\n* [Jadx](https://github.com/skylot/jadx): Jadx is a dex to Java decompiler. The command line and GUI tools for producing Java source code from Android Dex and Apk files.\n* [JD-GUI](https://java-decompiler.github.io/): This is a Java decompiler, useful after dex2jar for easy analysis of Android apps.\n* [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF): An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.\n* [Online Decompiler](https://www.decompiler.com/): APK, JAR and .NET online decompiler.\n* [Radare2](https://rada.re/n/): A free/libre toolchain for easing several low level tasks, such as forensics, software reverse engineering, exploiting, debugging, etc. It is composed by a large number of libraries (which are extended with plugins) and programs that can be automated with almost any programming language.\n" }, { "path": "_resources/08_android_hacking_tools.md", "content": "---\ntitle: Android hacking tools\n---\n\nThis is a curated list of Android hacking tools and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n### Videos\n- [Hacker101 - Android Quickstart](https://www.youtube.com/watch?v=y0O3sCX9ftM)\n- [Hacker101 - Mobile Hacking Crash Course](https://www.youtube.com/watch?v=hKF89TXttnw)\n- [Hacker101: Common Android Bugs Pt. 1](https://www.youtube.com/watch?v=sQ_34dI_geU)\n- [Hacker101: Common Android Bugs Pt. 2](https://www.youtube.com/watch?v=tt1f4pcI0jo)\n- [Android Pentesting Video Playlist](https://www.youtube.com/playlist?list=PLgnrksnL_Rn09gGTTLgi-FL7HxPOoDk3R)\n- [Low Competition Bug Hunting (What to Learn) - ft. #AndroidHackingMonth](https://www.youtube.com/watch?v=Pkd_j31Jtfc)\n\n### Blog Posts\n- [#Androidhackingmonth: Introduction to Android Hacking by @0xteknogeek](https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking)\n- [QA with Android Hacker: Bagipro](https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro)\n- [Hacking SMS API Service Provider of a Company - Android App Static Security Analysis](https://blog.securitybreached.org/2020/02/19/hacking-sms-api-service-provider-of-a-company-android-app-static-security-analysis-bug-bounty-poc/)\n- [Getting Started in Android Apps Pen-testing (Part-1)](https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/)\n\n### Example Reports\n- [Periscope android app deeplink leads to CSRF in follow action](https://hackerone.com/reports/583987)\n- [Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect](https://hackerone.com/reports/499348)\n- [Golden techniques to bypass host validations in Android apps](https://hackerone.com/reports/431002)\n- [SQL Injection found in NextCloud Android App Content Provider](https://hackerone.com/reports/291764)\n- [Quora Android - Possible to steal arbitrary files from mobile device](https://hackerone.com/reports/258460)\n- [Opening arbitrary URLs/XSS in SAMLAuthActivity](https://hackerone.com/reports/283058)\n- [Access of Android protected components via embedded intent](https://hackerone.com/reports/200427)\n\n### Other Resources\n- [The Mobile Hacking CheatSheet](https://github.com/randorisec/MobileHackingCheatSheet)\n- [Mobile App Pentest Cheatsheet](https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet)\n- [Awesome Mobile Security](https://github.com/vaib25vicky/awesome-mobile-security)\n- [Mobile Penetration Testing Kit](https://www.eshlomo.us/mobile-penetration-testing-kit/)\n- [Periscope android app deeplink leads to CSRF in follow action](https://hackerone.com/reports/583987)\n\n### Practice Labs\n- [Damn Insecure and vulnerable App for Android](https://github.com/payatu/diva-android)\n- [InjuredAndroid](https://github.com/B3nac/InjuredAndroid)\n- [Android-InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2)\n" }, { "path": "_resources/09_desktop_hacking_tools.md", "content": "---\ntitle: Desktop / embedded hacking tools\n---\n\nThis is a curated list of hacking tools for native applications and embedded devices and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n* [american fuzzy lop](https://lcamtuf.coredump.cx/afl/): AFL is an extremely powerful fuzzer, enabling detection of complicated bugs in many applications and libraries.\n* [Binary Ninja](https://binary.ninja/): Another low-cost alternative to IDA. Its API is perhaps the most powerful of the three for automating analysis of code.\n* [Binwalk](https://github.com/ReFirmLabs/binwalk): Used for firmware analysis and extraction. This is primarily useful for embedded Linux devices.\n* [dotPeek](https://www.jetbrains.com/decompiler/): A powerful decompiler for .NET assemblies.\n* [GNU strings](https://en.wikipedia.org/wiki/Strings_(Unix)): Finds strings in arbitrary binaries. While not strictly for reverse-engineering, it is among the most useful tools around.\n* [Hopper](https://www.hopperapp.com/): This is a fantastic, low-cost disassembler and decompiler that runs on macOS and Linux. While it's no replacement for IDA, it is a great choice for most applications.\n* [HxD](https://mh-nexus.de/en/hxd/) (Windows) [0xED](https://www.suavetech.com/0xed/) (macOS): These are graphical hex editors, useful for analysis and manipulation of files and block devices.\n* [IDA Pro and Hex-Rays Decompiler](https://hex-rays.com/ida-pro/): IDA is the absolute gold standard for disassemblers and its decompiler plugins are the gold standard for decompilation. It is a wonderful tool with support for nearly every obscure platform and an extensive (if confusing) SDK to add nearly any feature you can imagine. However, its price makes it difficult to justify.\n* [PE Explorer](http://www.heaventools.com/overview.htm): This is a great tool for analyzing the PE binaries used on Windows. It allows for exploration of the structures of the executable itself, as well as resources.\n* [PEiD](https://www.aldeid.com/wiki/PEiD): Tool for detecting cryptors, packers, and encryption routines in Windows PE binaries.\n* [QEMU](https://www.qemu.org/): An emulator and virtual machine supporting a large number of systems/architectures. This makes it useful for things like running embedded firmware, but also includes [debugging facilities](https://en.wikibooks.org/wiki/QEMU/Debugging_with_QEMU) that make it an optimal tool for hacking. Can be combined with AFL for fuzzing of binaries that aren't for your native architecture.\n* [Radare2](https://rada.re/n/radare2.html): This is a set of tools for doing analysis of binaries. It includes everything from disassembly to debugging and more.\n* [Unicorn Engine](https://www.unicorn-engine.org/): This is a library rather than a standalone tool, but it makes writing quick emulators a breeze. Particularly useful for reverse-engineering.\n" }, { "path": "_resources/10_exploitation_resources.md", "content": "---\ntitle: Exploitation resources\n---\n\nThis is a curated list of exploitation resources and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n* [NoSQLMap](https://github.com/codingo/NoSQLMap): NoSQLMap is an open source Python tool designed to audit for, as well as automate injection attacks, and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL to disclose or clone data from the database.\n* [Retire.JS](https://addons.mozilla.org/en-US/firefox/addon/retire-js/): Scanning website for vulnerable js libraries.\n* [Spiderfoot](https://github.com/smicallef/spiderfoot): SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available, and automates OSINT collection so that you can focus on data analysis.\n* [sqlmap](https://sqlmap.org/): sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including: database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.\n* [SQLNinja](http://sqlninja.sourceforge.net/): Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.\n* [SSRFTest](https://github.com/daeken/SSRFTest): SSRF testing tool.\n* [XSS Hunter](https://xsshunter.com/): XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service.\n* [Ysoserial](https://github.com/frohoff/ysoserial): A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.\n" }, { "path": "_resources/11_scanners_frameworks.md", "content": "---\ntitle: Scanners / frameworks\n---\n\nThis is a curated list of scanners and frameworks and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n* [Canvas](https://www.immunityinc.com/products/canvas/): CANVAS offers hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.\n* [IronWASP](https://resources.infosecinstitute.com/topic/ironwasp-part-1-2): IronWASP (Iron Web Application Advanced Security testing Platform) is an open source tool used for web application vulnerability testing. It is designed in such a way that users having the right knowledge can create their own scanners using this as a framework. IronWASP is built using Python and Ruby and users having knowledge of them would be able to make full use of the platform. However, IronWASP provides a lot of features that are simple to understand.\n* [Lazyrecon](https://github.com/nahamsec/lazyrecon): LazyRecon is a script written in Bash, intended to automate the tedious tasks of reconnaissance and information gathering. The information is organized in an html report at the end, which helps you identify next steps.\n* [Maltego](https://www.maltego.com/): Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.\n* [Metasploit](https://www.metasploit.com/): Metasploit is an open source penetration testing framework.\n* [Nikto](https://cirt.net/Nikto2): Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.\n* [Nmap](https://nmap.org/): Nmap (\"Network Mapper\") is a free and open source (license) utility for network discovery and security auditing.\n* [OpenVAS](https://www.openvas.org/): OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.\n* [Osmedeus](https://github.com/j3ssie/Osmedeus): Osmedeus allows you to automatically run the collection of awesome tools for reconnaissance and vulnerability scanning against the target.\n* [Reconness](https://github.com/reconness/reconness): ReconNess helps you to run and keep all your #recon in the same place allowing you to focus only on the potentially vulnerable targets without distraction and without requiring a lot of bash skill, or programming skill in general.\n* [Sn1per](https://github.com/1N3/Sn1per): Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.\n* [Wapiti](https://wapiti.sourceforge.io/): Wapiti allows you to audit the security of your websites or web applications. It performs \"black-box\" scans (it does not study the source code) of the web application by crawling the web pages of the deployed webapp, looking for scripts and forms where it can inject data.\n" }, { "path": "_resources/12_datasets_freemium_services.md", "content": "---\ntitle: Datasets / freemium services\n---\n\nThis is a curated list of datasets and freemium services and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n* [C99.nl](https://api.c99.nl/): Subdomain Finder is a scanner that scans an entire domain to find as many subdomains as possible.\n* [Censys](https://censys.io/): Censys scans the most ports and houses the biggest certificate database in the world, and provides the most up-to-date,  thorough view of your known and unknown assets.\n* [Payloads All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings): A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques.\n* [Rapid7 Forward DNS (FDNS)](https://opendata.rapid7.com/sonar.fdns_v2/): This dataset contains the responses to DNS requests for all forward DNS names known by Rapid7's Project Sonar.\n* [Seclists](https://github.com/danielmiessler/SecLists): SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.\n* [Shodan](https://www.shodan.io/): Shodan provides a public API that allows other tools to access all of Shodan's data. Integrations are available for Nmap, Metasploit, Maltego, FOCA, Chrome, Firefox and many more.\n" }, { "path": "_resources/13_misc_hacking_tools.md", "content": "---\ntitle: Miscellaneous hacking tools\n---\n\nThis is a curated list of miscellaneous hacking tools and is not intended to be comprehensive; rather, we want to highlight the tools we find especially useful.\n\n* [Altair](https://altair.sirmuel.design/): Altair GraphQL Client helps you debug GraphQL queries and implementations - taking care of the hard part so you can focus on actually getting things done.\n* [BuiltWith](https://addons.mozilla.org/en-US/firefox/addon/builtwith/): BuiltWith's goal is to help developers, researchers and designers find out what technologies web pages are using, which may help them decide what technologies to implement themselves.\n* [Ettercap](https://www.ettercap-project.org/): Ettercap is a comprehensive suite which features sniffing of live connections, content filtering, and support for active and passive dissection of many protocols, including multiple features for network and host analysis.\n* [Foxyproxy](https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/): FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. For a simpler tool and less advanced configuration options, please use FoxyProxy Basic.\n* [John the Ripper](https://www.openwall.com/john/): John the Ripper is free and Open Source software, distributed primarily in a source code form.\n* [Swiftness X](https://github.com/ehrishirajsharma/SwiftnessX): A note taking tool for BB and pentesting.\n* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra): This tool is a proof-of-concept code, designed to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.\n* [Transformations](https://transformations.jobertabma.nl/): Transformations makes it easier to detect common data obscurities, which may uncover security vulnerabilities or give insight into bypassing defenses.\n* [Wappalyzer](https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/): Wappalyzer is a browser extension that uncovers the technologies used on websites. It detects content management systems, eCommerce platforms, web servers, JavaScript frameworks, analytics tools and many more.\n* [Wireshark](https://www.wireshark.org/): Wireshark® is a network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network. \n" }, { "path": "_sass/_bootstrap_customization.scss", "content": "// Buttons\n\n@each $color, $value in $theme-colors {\n .btn-#{$color} {\n &:focus,\n &.focus {\n box-shadow: 0 0 $btn-focus-width rgba(theme-color($color), 0.85);\n }\n\n &:not(:disabled):not(.disabled):active,\n &:not(:disabled):not(.disabled).active {\n &:focus {\n box-shadow: 0 0 $btn-focus-width rgba(theme-color($color), 0.85);\n }\n }\n }\n}\n\n@each $color, $value in $theme-colors {\n .btn-outline-#{$color} {\n &:hover {\n background: rgba(0, 0, 0, 0.02);\n color: theme-color($color);\n }\n\n &:focus,\n &.focus {\n box-shadow: 0 0 $btn-focus-width rgba(theme-color($color), 0.85);\n }\n\n &:not(:disabled):not(.disabled):active,\n &:not(:disabled):not(.disabled).active {\n background: rgba(0, 0, 0, 0.04);\n color: theme-color($color);\n\n &:focus {\n box-shadow: 0 0 $btn-focus-width rgba(theme-color($color), 0.85);\n }\n }\n }\n\n .bg-black {\n .btn-outline-#{$color} {\n &:hover {\n background: rgba(255, 255, 255, 0.05);\n }\n\n &:not(:disabled):not(.disabled):active,\n &:not(:disabled):not(.disabled).active {\n background: rgba(255, 255, 255, 0.1);\n }\n }\n\n .btn-outline-secondary {\n color: $white;\n border-color: $white;\n }\n }\n}\n\n.mode-toggle:hover {\n filter:\n brightness(0)\n saturate(100%)\n invert(91%)\n sepia(23%)\n saturate(6279%)\n hue-rotate(335deg)\n brightness(105%)\n contrast(91%);\n}\n\n.bg-white {\n background-color: $white !important;\n\n a:not(.btn) {\n color: $blue;\n\n &:hover {\n color: $blue-500;\n }\n\n &:active {\n color: $blue-600;\n }\n }\n}\n\n.bg-black {\n background-color: $black !important;\n\n a:not(.btn) {\n color: $blue-500;\n\n &:hover {\n color: $blue;\n }\n\n &:active {\n color: $blue-300;\n }\n }\n}\n\n.bg-lighter {\n background-color: $gray-300 !important;\n}\n\n.bg-darker {\n background-color: $gray-850 !important;\n}\n\n@include media-breakpoint-down(md) {\n #sidebar {\n border-top: $border-width solid $black;\n margin-top: 1em;\n padding-top: 0.75em;\n }\n\n .bg-black {\n #sidebar {\n border-top: $border-width solid $gray-800;\n }\n }\n}\n\n@include media-breakpoint-up(lg) {\n #sidebar {\n border-left: $border-width solid $black;\n }\n\n .bg-black {\n #sidebar {\n border-left: $border-width solid $gray-800;\n }\n }\n}\n\narticle {\n img {\n width: 100%;\n }\n}\n\nmain {\n code {\n color: $gray-200;\n background-color: $gray-800;\n border-radius: 0.25em;\n border: $border-width solid $gray-500;\n padding: 0.1em;\n }\n\n h2,\n h3 {\n ¬:first-child {\n margin-top: 0.75em;\n }\n }\n\n hr {\n border-radius: 1px;\n border-width: 0;\n height: 2px;\n color: gray;\n background-color: gray;\n }\n}\n" }, { "path": "_sass/_syntax-highlighting.scss", "content": "// Syntax highlighting styles, can be modified to match the theme\n\n\n.highlight {\n\n color: #111;\n\n pre {\n margin: 0;\n padding: 8px 12px;\n background: #eef;\n border: 1px solid #e8e8e8;\n }\n\n .c { color: #998; font-style: italic } // Comment\n .err { color: #a61717; background-color: #e3d2d2 } // Error\n .k { font-weight: bold } // Keyword\n .o { font-weight: bold } // Operator\n .cm { color: #998; font-style: italic } // Comment.Multiline\n .cp { color: #999; font-weight: bold } // Comment.Preproc\n .c1 { color: #998; font-style: italic } // Comment.Single\n .cs { color: #999; font-weight: bold; font-style: italic } // Comment.Special\n .gd { color: #000; background-color: #fdd } // Generic.Deleted\n .gd .x { color: #000; background-color: #faa } // Generic.Deleted.Specific\n .ge { font-style: italic } // Generic.Emph\n .gr { color: #a00 } // Generic.Error\n .gh { color: #999 } // Generic.Heading\n .gi { color: #000; background-color: #dfd } // Generic.Inserted\n .gi .x { color: #000; background-color: #afa } // Generic.Inserted.Specific\n .go { color: #888 } // Generic.Output\n .gp { color: #555 } // Generic.Prompt\n .gs { font-weight: bold } // Generic.Strong\n .gu { color: #aaa } // Generic.Subheading\n .gt { color: #a00 } // Generic.Traceback\n .kc { font-weight: bold } // Keyword.Constant\n .kd { font-weight: bold } // Keyword.Declaration\n .kp { font-weight: bold } // Keyword.Pseudo\n .kr { font-weight: bold } // Keyword.Reserved\n .kt { color: #458; font-weight: bold } // Keyword.Type\n .m { color: #099 } // Literal.Number\n .s { color: #d14 } // Literal.String\n .na { color: #008080 } // Name.Attribute\n .nb { color: #0086B3 } // Name.Builtin\n .nc { color: #458; font-weight: bold } // Name.Class\n .no { color: #008080 } // Name.Constant\n .ni { color: #800080 } // Name.Entity\n .ne { color: #900; font-weight: bold } // Name.Exception\n .nf { color: #900; font-weight: bold } // Name.Function\n .nn { color: #555 } // Name.Namespace\n .nt { color: #000080 } // Name.Tag\n .nv { color: #008080 } // Name.Variable\n .ow { font-weight: bold } // Operator.Word\n .w { color: #bbb } // Text.Whitespace\n .mf { color: #099 } // Literal.Number.Float\n .mh { color: #099 } // Literal.Number.Hex\n .mi { color: #099 } // Literal.Number.Integer\n .mo { color: #099 } // Literal.Number.Oct\n .sb { color: #d14 } // Literal.String.Backtick\n .sc { color: #d14 } // Literal.String.Char\n .sd { color: #d14 } // Literal.String.Doc\n .s2 { color: #d14 } // Literal.String.Double\n .se { color: #d14 } // Literal.String.Escape\n .sh { color: #d14 } // Literal.String.Heredoc\n .si { color: #d14 } // Literal.String.Interpol\n .sx { color: #d14 } // Literal.String.Other\n .sr { color: #009926 } // Literal.String.Regex\n .s1 { color: #d14 } // Literal.String.Single\n .ss { color: #990073 } // Literal.String.Symbol\n .bp { color: #999 } // Name.Builtin.Pseudo\n .vc { color: #008080 } // Name.Variable.Class\n .vg { color: #008080 } // Name.Variable.Global\n .vi { color: #008080 } // Name.Variable.Instance\n .il { color: #099 } // Literal.Number.Integer.Long\n}\n" }, { "path": "_sass/_variables.scss", "content": "// Brand Colors\n$blue-300: #124ddb;\n$blue: #2d68f4;\n$blue-500: #477eff;\n$blue-600: #7aa2ff;\n$indigo: #6610f2;\n$purple: #6f42c1;\n$pink: #e10e71;\n$red: #df2935;\n$orange: #ff6f22;\n$yellow: #f3b234;\n$green: #02c996;\n$teal: #20c997;\n$cyan: #5bc0de;\n$white: #ffffff;\n$gray-100: #f9f9f9;\n$gray-200: #f5f5f5;\n$gray-300: #e9e9e9;\n$gray-400: #c4c4c4;\n$gray-500: #9e9e9e;\n$gray-600: #868e96;\n$gray-700: #585858;\n$gray-800: #3e3e3e;\n$gray-850: #303030;\n$gray-900: #232323;\n$black: #171717;\n$grays: (\n \"100\": $gray-100,\n \"200\": $gray-200,\n \"300\": $gray-300,\n \"400\": $gray-400,\n \"500\": $gray-500,\n \"600\": $gray-600,\n \"700\": $gray-700,\n \"800\": $gray-800,\n \"850\": $gray-850,\n \"900\": $gray-900\n);\n$theme-colors: (\n \"primary\": $pink,\n \"secondary\": $blue,\n \"success\": $green,\n \"info\": $cyan,\n \"warning\": $yellow,\n \"danger\": $red,\n \"light\": $gray-300,\n \"dark\": $gray-900\n);\n$colors: (\n \"blue\": $blue,\n \"indigo\": $indigo,\n \"purple\": $purple,\n \"pink\": $pink,\n \"red\": $red,\n \"orange\": $orange,\n \"yellow\": $yellow,\n \"green\": $green,\n \"teal\": $teal,\n \"cyan\": $cyan,\n \"white\": $white,\n \"gray\": $gray-600,\n \"gray-dark\": $gray-800\n);\n$theme-color-interval: 8%;\n\n// Spacing\n$spacer: 1rem;\n$spacers: (\n 0: 0,\n 1: (\n $spacer * 0.25\n ),\n 2: (\n $spacer * 0.5\n ),\n 3: $spacer,\n 4: (\n $spacer * 1.5\n ),\n 5: (\n $spacer * 3\n )\n);\n$sizes: (\n 25: 25%,\n 50: 50%,\n 75: 75%,\n 100: 100%\n);\n\n// Options\n$enable-rounded: true;\n$enable-shadows: false;\n$enable-gradients: false;\n$enable-transitions: true;\n$enable-hover-media-query: false;\n$enable-grid-classes: true;\n$enable-print-styles: true;\n\n$yiq-contrasted-threshold: 170 !default;\n\n// Body\n$body-bg: $white;\n$body-color: $gray-900;\n\n// Links\n$link-color: theme-color(\"primary\");\n$link-decoration: none;\n$link-hover-color: darken($link-color, 15%);\n$link-hover-decoration: underline;\n\n// Grid\n$grid-breakpoints: (\n xs: 0,\n sm: 576px,\n md: 768px,\n lg: 992px,\n xl: 1200px\n);\n$container-max-widths: (\n sm: 540px,\n md: 720px,\n lg: 960px,\n xl: 1140px\n);\n$grid-columns: 12;\n$grid-gutter-width: 30px;\n\n// Components\n$line-height-lg: 1.5;\n$line-height-sm: 1.5;\n$border-width: 1px;\n$border-radius: 0.25rem;\n$border-radius-lg: 0.5rem;\n$border-radius-sm: 0.2rem;\n$component-active-color: $white;\n$component-active-bg: theme-color(\"primary\");\n$caret-width: 0.3em;\n$transition-base: all 0.2s ease-in-out;\n$transition-fade: opacity 0.15s linear;\n$transition-collapse: height 0.35s ease;\n\n// Fonts\n@font-face {\n font-family: \"Effra\";\n font-weight: 300;\n font-style: normal;\n src: url(\"../fonts/effra-light.woff\") format(\"woff\");\n font-display: swap;\n}\n\n@font-face {\n font-family: \"Effra\";\n font-weight: 400;\n font-style: normal;\n src: url(\"../fonts/effra-regular.woff\") format(\"woff\");\n font-display: swap;\n}\n\n@font-face {\n font-family: \"Effra\";\n font-weight: 500;\n font-style: normal;\n src: url(\"../fonts/effra-medium.woff\") format(\"woff\");\n font-display: swap;\n}\n\n@font-face {\n font-family: \"Effra\";\n font-weight: 600;\n font-style: normal;\n src: url(\"../fonts/effra-medium.woff\") format(\"woff\");\n font-display: swap;\n}\n\n$font-family-sans-serif: \"Effra\", -apple-system, BlinkMacSystemFont, \"Segoe UI\",\n Roboto, Oxygen, Ubuntu, Cantarell, \"Open Sans\", \"Helvetica Neue\", sans-serif;\n$font-family-monospace: Consolas, \"Liberation Mono\", Courier, monospace;\n$font-family-base: $font-family-sans-serif;\n$font-size-base: 1rem;\n$font-size-lg: 1.25rem;\n$font-size-sm: 0.875rem;\n$font-weight-normal: normal;\n$font-weight-bold: bold;\n$font-weight-base: $font-weight-normal;\n$line-height-base: 1.5;\n$h1-font-size: 2.5rem;\n$h2-font-size: 2rem;\n$h3-font-size: 1.75rem;\n$h4-font-size: 1.5rem;\n$h5-font-size: 1.25rem;\n$h6-font-size: 1rem;\n$headings-margin-bottom: ($spacer / 2);\n$headings-font-family: inherit;\n$headings-font-weight: 500;\n$headings-line-height: 1.1;\n$headings-color: inherit;\n$display1-size: 6rem;\n$display2-size: 5.5rem;\n$display3-size: 4.5rem;\n$display4-size: 3.5rem;\n$display1-weight: 300;\n$display2-weight: 300;\n$display3-weight: 300;\n$display4-weight: 300;\n$display-line-height: $headings-line-height;\n$lead-font-size: 1.25rem;\n$lead-font-weight: 300;\n$small-font-size: 80%;\n$text-muted: $gray-600;\n$blockquote-small-color: $gray-600;\n$blockquote-font-size: ($font-size-base * 1.25);\n$hr-border-color: rgba($black, 0.1);\n$hr-border-width: $border-width;\n$mark-padding: 0.2em;\n$dt-font-weight: $font-weight-bold;\n$kbd-box-shadow: inset 0 -0.1rem 0 rgba($black, 0.25);\n$nested-kbd-font-weight: $font-weight-bold;\n$list-inline-padding: 0.5rem;\n$mark-bg: #fcf8e3;\n\n// Buttons\n$input-btn-padding-y: 0.5rem;\n$input-btn-padding-x: 1.5rem;\n$input-btn-line-height: 1.25;\n$input-btn-padding-y-sm: 0.25rem;\n$input-btn-padding-x-sm: 0.75rem;\n$input-btn-line-height-sm: 1.5;\n$input-btn-padding-y-lg: 0.75rem;\n$input-btn-padding-x-lg: 2.25rem;\n$input-btn-line-height-lg: 1.5;\n$input-btn-focus-width: 6px !default;\n$btn-font-weight: $font-weight-normal;\n$btn-box-shadow: inset 0 1px 0 rgba($white, 0.15), 0 1px 1px rgba($black, 0.075);\n$btn-focus-box-shadow: 0 0 6px rgba(theme-color(\"primary\"), 0.25);\n$btn-active-box-shadow: none;\n$btn-link-disabled-color: $gray-600;\n$btn-block-spacing-y: 0.5rem;\n$btn-border-radius: $border-radius;\n$btn-border-radius-lg: $border-radius-lg;\n$btn-border-radius-sm: $border-radius-sm;\n$btn-transition: all 0.15s ease-in-out;\n\n// Forms\n$input-bg: $white;\n$input-disabled-bg: $gray-200;\n$input-color: $gray-700;\n$input-border-color: rgba($black, 0.15);\n$input-btn-border-width: $border-width;\n$input-box-shadow: inset 0 0 6px rgba($black, 0.075);\n$input-border-radius: $border-radius;\n$input-border-radius-lg: $border-radius-lg;\n$input-border-radius-sm: $border-radius-sm;\n$input-focus-bg: $input-bg;\n$input-focus-border-color: lighten(theme-color(\"primary\"), 25%);\n$input-focus-box-shadow: $input-box-shadow, $btn-focus-box-shadow;\n$input-focus-color: $input-color;\n$input-placeholder-color: $gray-600;\n$input-height-border: $input-btn-border-width * 2;\n$input-height-inner: ($font-size-base * $input-btn-line-height) +\n ($input-btn-padding-y * 2);\n$input-height: calc(#{$input-height-inner} + #{$input-height-border});\n$input-height-inner-sm: ($font-size-sm * $input-btn-line-height-sm) +\n ($input-btn-padding-y-sm * 2);\n$input-height-sm: calc(#{$input-height-inner-sm} + #{$input-height-border});\n$input-height-inner-lg: ($font-size-sm * $input-btn-line-height-lg) +\n ($input-btn-padding-y-lg * 2);\n$input-height-lg: calc(#{$input-height-inner-lg} + #{$input-height-border});\n$input-transition: border-color ease-in-out 0.15s, box-shadow ease-in-out 0.15s;\n$form-text-margin-top: 0.25rem;\n$form-check-margin-bottom: 0.5rem;\n$form-check-input-gutter: 1.25rem;\n$form-check-input-margin-y: 0.25rem;\n$form-check-input-margin-x: 0.25rem;\n$form-check-inline-margin-x: 0.75rem;\n$form-group-margin-bottom: 1rem;\n$input-group-addon-bg: $gray-200;\n$input-group-addon-border-color: $input-border-color;\n$custom-control-gutter: 1.5rem;\n$custom-control-spacer-y: 0.25rem;\n$custom-control-spacer-x: 1rem;\n$custom-control-indicator-size: 1rem;\n$custom-control-indicator-bg: #ddd;\n$custom-control-indicator-bg-size: 50% 50%;\n$custom-control-indicator-box-shadow: inset 0 0.25rem 0.25rem rgba($black, 0.1);\n$custom-control-indicator-disabled-bg: $gray-200;\n$custom-control-description-disabled-color: $gray-600;\n$custom-control-indicator-checked-color: $white;\n$custom-control-indicator-checked-bg: theme-color(\"primary\");\n$custom-control-indicator-checked-box-shadow: none;\n$custom-control-indicator-focus-box-shadow: 0 0 0 1px $body-bg,\n 0 0 0 3px theme-color(\"primary\");\n$custom-control-indicator-active-color: $white;\n$custom-control-indicator-active-bg: lighten(theme-color(\"primary\"), 35%);\n$custom-control-indicator-active-box-shadow: none;\n$custom-checkbox-indicator-border-radius: $border-radius;\n$custom-checkbox-indicator-indeterminate-bg: theme-color(\"primary\");\n$custom-checkbox-indicator-indeterminate-color: $custom-control-indicator-checked-color;\n$custom-checkbox-indicator-indeterminate-box-shadow: none;\n$custom-radio-indicator-border-radius: 50%;\n$custom-select-padding-y: 0.375rem;\n$custom-select-padding-x: 0.75rem;\n$custom-select-height: $input-height;\n$custom-select-indicator-padding: 1rem;\n$custom-select-line-height: $input-btn-line-height;\n$custom-select-color: $input-color;\n$custom-select-disabled-color: $gray-600;\n$custom-select-bg: $white;\n$custom-select-disabled-bg: $gray-200;\n$custom-select-bg-size: 8px 10px;\n$custom-select-indicator-color: #333;\n$custom-select-border-width: $input-btn-border-width;\n$custom-select-border-color: $input-border-color;\n$custom-select-border-radius: $border-radius;\n$custom-select-focus-border-color: lighten(theme-color(\"primary\"), 25%);\n$custom-select-focus-box-shadow: inset 0 1px 2px rgba($black, 0.075),\n 0 0 5px rgba($custom-select-focus-border-color, 0.5);\n$custom-select-font-size-sm: 75%;\n$custom-select-height-sm: $input-height-sm;\n$custom-file-height: 2.5rem;\n$custom-file-width: 14rem;\n$custom-file-focus-box-shadow: 0 0 0 0.075rem $white,\n 0 0 0 0.2rem theme-color(\"primary\");\n$custom-file-padding-y: 1rem;\n$custom-file-padding-x: 0.5rem;\n$custom-file-line-height: 1.5;\n$custom-file-color: $gray-700;\n$custom-file-bg: $white;\n$custom-file-border-width: $border-width;\n$custom-file-border-color: $input-border-color;\n$custom-file-border-radius: $border-radius;\n$custom-file-box-shadow: inset 0 0.2rem 0.4rem rgba($black, 0.05);\n$custom-file-button-color: $custom-file-color;\n$custom-file-button-bg: $gray-200;\n$custom-file-text: (\n en: \"Browse\"\n);\n$form-feedback-valid-color: theme-color(\"success\");\n$form-feedback-invalid-color: theme-color(\"danger\");\n\n// Dropdown\n$dropdown-min-width: 10rem;\n$dropdown-padding-y: 0.5rem;\n$dropdown-spacer: 0.125rem;\n$dropdown-bg: $white;\n$dropdown-border-color: rgba($black, 0.15);\n$dropdown-border-width: $border-width;\n$dropdown-divider-bg: $gray-200;\n$dropdown-box-shadow: 0 0.5rem 1rem rgba($black, 0.175);\n$dropdown-link-color: $gray-900;\n$dropdown-link-hover-color: darken($gray-900, 5%);\n$dropdown-link-hover-bg: $gray-100;\n$dropdown-link-active-color: $component-active-color;\n$dropdown-link-active-bg: $component-active-bg;\n$dropdown-link-disabled-color: $gray-600;\n$dropdown-item-padding-y: 0.25rem;\n$dropdown-item-padding-x: 1.5rem;\n$dropdown-header-color: $gray-600;\n\n$dropdown-link-active-color: $dropdown-link-hover-color !default;\n$dropdown-link-active-bg: $dropdown-link-hover-bg !default;\n\n// Navs\n$nav-link-padding-y: 0.5rem;\n$nav-link-padding-x: 1rem;\n$nav-link-disabled-color: $gray-600;\n$nav-tabs-border-color: #ddd;\n$nav-tabs-border-width: $border-width;\n$nav-tabs-border-radius: $border-radius;\n$nav-tabs-link-hover-border-color: $gray-200;\n$nav-tabs-link-active-color: $gray-700;\n$nav-tabs-link-active-bg: $body-bg;\n$nav-tabs-link-active-border-color: #ddd;\n$nav-pills-border-radius: $border-radius;\n$nav-pills-link-active-color: $component-active-color;\n$nav-pills-link-active-bg: $component-active-bg;\n\n// Navbar\n$navbar-padding-y: ($spacer / 2);\n$navbar-padding-x: $spacer;\n$navbar-brand-font-size: $font-size-lg;\n$nav-link-height: $navbar-brand-font-size * $line-height-base;\n$navbar-brand-height: (\n $font-size-base * $line-height-base + $nav-link-padding-y * 2\n);\n$navbar-brand-padding-y: ($navbar-brand-height - $nav-link-height) / 2;\n$navbar-toggler-padding-y: 0.25rem;\n$navbar-toggler-padding-x: 0.75rem;\n$navbar-toggler-font-size: $font-size-lg;\n$navbar-toggler-border-radius: $btn-border-radius;\n$navbar-dark-color: rgba($white, 0.5);\n$navbar-dark-hover-color: rgba($white, 0.75);\n$navbar-dark-active-color: rgba($white, 1);\n$navbar-dark-disabled-color: rgba($white, 0.25);\n$navbar-dark-toggler-border-color: rgba($white, 0.1);\n$navbar-light-color: rgba($black, 0.5);\n$navbar-light-hover-color: rgba($black, 0.7);\n$navbar-light-active-color: rgba($black, 0.9);\n$navbar-light-disabled-color: rgba($black, 0.3);\n$navbar-light-toggler-border-color: rgba($black, 0.1);\n\n// Tables\n$table-cell-padding: 0.75rem;\n$table-cell-padding-sm: 0.3rem;\n$table-bg: transparent;\n$table-accent-bg: rgba($black, 0.05);\n$table-hover-bg: rgba($black, 0.075);\n$table-active-bg: $table-hover-bg;\n$table-border-width: $border-width;\n$table-border-color: $gray-200;\n$table-head-bg: $gray-200;\n$table-head-color: $gray-700;\n$table-inverse-bg: $gray-900;\n$table-inverse-accent-bg: rgba($white, 0.05);\n$table-inverse-hover-bg: rgba($white, 0.075);\n$table-inverse-border-color: lighten($gray-900, 7.5%);\n$table-inverse-color: $body-bg;\n\n// Z Index\n$zindex-dropdown: 1000;\n$zindex-sticky: 1020;\n$zindex-fixed: 1030;\n$zindex-modal-backdrop: 1040;\n$zindex-modal: 1050;\n$zindex-popover: 1060;\n$zindex-tooltip: 1070;\n\n// Pagination\n$pagination-padding-y: 0.5rem;\n$pagination-padding-x: 0.75rem;\n$pagination-padding-y-sm: 0.25rem;\n$pagination-padding-x-sm: 0.5rem;\n$pagination-padding-y-lg: 0.75rem;\n$pagination-padding-x-lg: 1.5rem;\n$pagination-line-height: 1.25;\n$pagination-color: $link-color;\n$pagination-bg: $white;\n$pagination-border-width: $border-width;\n$pagination-border-color: #ddd;\n$pagination-hover-color: $link-hover-color;\n$pagination-hover-bg: $gray-200;\n$pagination-hover-border-color: #ddd;\n$pagination-active-color: $white;\n$pagination-active-bg: theme-color(\"primary\");\n$pagination-active-border-color: theme-color(\"primary\");\n$pagination-disabled-color: $gray-600;\n$pagination-disabled-bg: $white;\n$pagination-disabled-border-color: #ddd;\n\n// Jumbotron\n$jumbotron-padding: 2rem;\n$jumbotron-bg: $gray-200;\n\n// Cards\n$card-spacer-y: 0.75rem;\n$card-spacer-x: 1.25rem;\n$card-border-width: 1px;\n$card-border-radius: $border-radius;\n$card-border-color: rgba($black, 0.125);\n$card-inner-border-radius: calc(#{$card-border-radius} - #{$card-border-width});\n$card-cap-bg: rgba($black, 0.03);\n$card-bg: $white;\n$card-img-overlay-padding: 1.25rem;\n$card-deck-margin: ($grid-gutter-width / 2);\n$card-columns-count: 3;\n$card-columns-gap: 1.25rem;\n$card-columns-margin: $card-spacer-y;\n\n// Tooltip\n$tooltip-max-width: 200px;\n$tooltip-color: $white;\n$tooltip-bg: $black;\n$tooltip-opacity: 0.9;\n$tooltip-padding-y: 3px;\n$tooltip-padding-x: 8px;\n$tooltip-margin: 0;\n$tooltip-arrow-width: 5px;\n$tooltip-arrow-height: 5px;\n$tooltip-arrow-color: $tooltip-bg;\n\n// Popovers\n$popover-inner-padding: 1px;\n$popover-bg: $white;\n$popover-max-width: 276px;\n$popover-border-width: $border-width;\n$popover-border-color: rgba($black, 0.2);\n$popover-box-shadow: 0 5px 10px rgba($black, 0.2);\n$popover-header-bg: darken($popover-bg, 3%);\n$popover-header-color: $headings-color;\n$popover-header-padding-y: 8px;\n$popover-header-padding-x: 14px;\n$popover-body-color: $body-color;\n$popover-body-padding-y: 9px;\n$popover-body-padding-x: 14px;\n$popover-arrow-width: 10px;\n$popover-arrow-height: 5px;\n$popover-arrow-color: $popover-bg;\n$popover-arrow-outer-width: ($popover-arrow-width + 1px);\n$popover-arrow-outer-color: fade-in($popover-border-color, 0.05);\n\n// Badges\n$badge-color: $white;\n$badge-font-size: 75%;\n$badge-font-weight: $font-weight-bold;\n$badge-padding-y: 0.25em;\n$badge-padding-x: 0.4em;\n$badge-pill-padding-x: 0.6em;\n$badge-pill-border-radius: 10rem;\n\n// Toasts\n\n$toast-background-color: lighten($body-bg, 5%) !default;\n$toast-border-color: rgba(0, 0, 0, 0.2) !default;\n\n$toast-header-color: $body-color !default;\n$toast-header-background-color: $toast-background-color !default;\n$toast-header-border-color: $toast-border-color !default;\n\n// Modals\n$modal-inner-padding: 1rem;\n$modal-dialog-margin: 0.5rem;\n$modal-dialog-margin-y-sm-up: 1.75rem;\n$modal-title-line-height: $line-height-base;\n$modal-content-bg: $white;\n$modal-content-border-color: rgba($black, 0.2);\n$modal-content-border-width: $border-width;\n$modal-content-box-shadow-xs: 0 3px 9px rgba($black, 0.5);\n$modal-content-box-shadow-sm-up: 0 5px 15px rgba($black, 0.5);\n$modal-backdrop-bg: $black;\n$modal-backdrop-opacity: 0.5;\n$modal-header-border-color: $gray-200;\n$modal-footer-border-color: $modal-header-border-color;\n$modal-header-border-width: $modal-content-border-width;\n$modal-footer-border-width: $modal-header-border-width;\n$modal-header-padding: 15px;\n$modal-lg: 800px;\n$modal-md: 500px;\n$modal-sm: 300px;\n$modal-transition: transform 0.3s ease-out;\n\n// Alerts\n$alert-padding-y: 0.75rem;\n$alert-padding-x: 1.25rem;\n$alert-margin-bottom: 1rem;\n$alert-border-radius: $border-radius;\n$alert-link-font-weight: $font-weight-bold;\n$alert-border-width: $border-width;\n\n// Progress bars\n$progress-height: 1rem;\n$progress-font-size: 0.75rem;\n$progress-bg: $gray-200;\n$progress-border-radius: $border-radius;\n$progress-box-shadow: inset 0 0.1rem 0.1rem rgba($black, 0.1);\n$progress-bar-color: $white;\n$progress-bar-bg: theme-color(\"primary\");\n$progress-bar-animation-timing: 1s linear infinite;\n$progress-bar-transition: width 0.6s ease;\n\n// List group\n$list-group-bg: $white;\n$list-group-border-color: rgba($black, 0.125);\n$list-group-border-width: $border-width;\n$list-group-border-radius: $border-radius;\n$list-group-item-padding-y: 0.75rem;\n$list-group-item-padding-x: 1.25rem;\n$list-group-hover-bg: $gray-100;\n$list-group-active-color: $component-active-color;\n$list-group-active-bg: $component-active-bg;\n$list-group-active-border-color: $list-group-active-bg;\n$list-group-disabled-color: $gray-600;\n$list-group-disabled-bg: $list-group-bg;\n$list-group-action-color: $gray-700;\n$list-group-action-hover-color: $list-group-action-color;\n$list-group-action-active-color: $body-color;\n$list-group-action-active-bg: $gray-200;\n\n// Image thumbnails\n$thumbnail-padding: 0.25rem;\n$thumbnail-bg: $body-bg;\n$thumbnail-border-width: $border-width;\n$thumbnail-border-color: #ddd;\n$thumbnail-border-radius: $border-radius;\n$thumbnail-box-shadow: 0 1px 2px rgba($black, 0.075);\n$thumbnail-transition: all 0.2s ease-in-out;\n\n// Figures\n$figure-caption-font-size: 90%;\n$figure-caption-color: $gray-600;\n\n// Breadcrumbs\n$breadcrumb-padding-y: 0.75rem;\n$breadcrumb-padding-x: 1rem;\n$breadcrumb-item-padding: 0.5rem;\n$breadcrumb-bg: $gray-200;\n$breadcrumb-divider-color: $gray-600;\n$breadcrumb-active-color: $gray-600;\n$breadcrumb-divider: \"/\";\n\n// Carousel\n$carousel-control-color: $white;\n$carousel-control-width: 15%;\n$carousel-control-opacity: 0.5;\n$carousel-indicator-width: 30px;\n$carousel-indicator-height: 3px;\n$carousel-indicator-spacer: 3px;\n$carousel-indicator-active-bg: $white;\n$carousel-caption-width: 70%;\n$carousel-caption-color: $white;\n$carousel-control-icon-width: 20px;\n$carousel-transition: transform 0.6s ease;\n\n// Close\n$close-font-size: $font-size-base * 1.5;\n$close-font-weight: $font-weight-bold;\n$close-color: $black;\n$close-text-shadow: 0 1px 0 $white;\n\n// Code\n$code-font-size: 90%;\n$code-padding-y: 0.2rem;\n$code-padding-x: 0.4rem;\n$code-color: #bd4147;\n$code-bg: $gray-100;\n$kbd-color: $white;\n$kbd-bg: $gray-900;\n$pre-color: $gray-900;\n$pre-scrollable-max-height: 340px;\n\n// Options\n$enable-rounded: true;\n$enable-shadows: false;\n$enable-gradients: false;\n$enable-transitions: true;\n$enable-hover-media-query: false;\n$enable-grid-classes: true;\n$enable-print-styles: true;\n" }, { "path": "_sass/bootstrap/__DO_NOT_MODIFY", "content": "" }, { "path": "_sass/bootstrap/_alert.scss", "content": "//\n// Base styles\n//\n\n.alert {\n position: relative;\n padding: $alert-padding-y $alert-padding-x;\n margin-bottom: $alert-margin-bottom;\n border: $alert-border-width solid transparent;\n @include border-radius($alert-border-radius);\n}\n\n// Headings for larger alerts\n.alert-heading {\n // Specified to prevent conflicts of changing $headings-color\n color: inherit;\n}\n\n// Provide class for links that match alerts\n.alert-link {\n font-weight: $alert-link-font-weight;\n}\n\n\n// Dismissible alerts\n//\n// Expand the right padding and account for the close button's positioning.\n\n.alert-dismissible {\n padding-right: $close-font-size + $alert-padding-x * 2;\n\n // Adjust close link position\n .close {\n position: absolute;\n top: 0;\n right: 0;\n z-index: 2;\n padding: $alert-padding-y $alert-padding-x;\n color: inherit;\n }\n}\n\n\n// Alternate styles\n//\n// Generate contextual modifier classes for colorizing the alert.\n\n@each $color, $value in $theme-colors {\n .alert-#{$color} {\n @include alert-variant(theme-color-level($color, $alert-bg-level), theme-color-level($color, $alert-border-level), theme-color-level($color, $alert-color-level));\n }\n}\n" }, { "path": "_sass/bootstrap/_badge.scss", "content": "// Base class\n//\n// Requires one of the contextual, color modifier classes for `color` and\n// `background-color`.\n\n.badge {\n display: inline-block;\n padding: $badge-padding-y $badge-padding-x;\n @include font-size($badge-font-size);\n font-weight: $badge-font-weight;\n line-height: 1;\n text-align: center;\n white-space: nowrap;\n vertical-align: baseline;\n @include border-radius($badge-border-radius);\n @include transition($badge-transition);\n\n @at-root a#{&} {\n @include hover-focus() {\n text-decoration: none;\n }\n }\n\n // Empty badges collapse automatically\n &:empty {\n display: none;\n }\n}\n\n// Quick fix for badges in buttons\n.btn .badge {\n position: relative;\n top: -1px;\n}\n\n// Pill badges\n//\n// Make them extra rounded with a modifier to replace v3's badges.\n\n.badge-pill {\n padding-right: $badge-pill-padding-x;\n padding-left: $badge-pill-padding-x;\n @include border-radius($badge-pill-border-radius);\n}\n\n// Colors\n//\n// Contextual variations (linked badges get darker on :hover).\n\n@each $color, $value in $theme-colors {\n .badge-#{$color} {\n @include badge-variant($value);\n }\n}\n" }, { "path": "_sass/bootstrap/_breadcrumb.scss", "content": ".breadcrumb {\n display: flex;\n flex-wrap: wrap;\n padding: $breadcrumb-padding-y $breadcrumb-padding-x;\n margin-bottom: $breadcrumb-margin-bottom;\n @include font-size($breadcrumb-font-size);\n list-style: none;\n background-color: $breadcrumb-bg;\n @include border-radius($breadcrumb-border-radius);\n}\n\n.breadcrumb-item {\n // The separator between breadcrumbs (by default, a forward-slash: \"/\")\n + .breadcrumb-item {\n padding-left: $breadcrumb-item-padding;\n\n &::before {\n float: left; // Suppress inline spacings and underlining of the separator\n padding-right: $breadcrumb-item-padding;\n color: $breadcrumb-divider-color;\n content: escape-svg($breadcrumb-divider);\n }\n }\n\n // IE9-11 hack to properly handle hyperlink underlines for breadcrumbs built\n // without `