Contrast-Security-OSS / Burptrast
Burp Plugin for Contrast Security
β16Updated 5 months ago
Alternatives and similar repositories for Burptrast:
Users that are interested in Burptrast are comparing it to the libraries listed below
- Semgrep rules corresponding to the OWASP ASVS standardβ27Updated 4 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.β134Updated 4 years ago
- ποΈ STRIDE vs. ASVS equivalence tableβ76Updated 7 months ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.β73Updated 3 years ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.β76Updated 3 years ago
- Scripts and tools for AWS Pentestβ53Updated 4 years ago
- OWASP practice lab, just a few copy/pastes away. Fully stacked and ready to go with Dockerβ18Updated 6 years ago
- GCP GOAT is the vulnerable application for learn the GCP Securityβ64Updated last year
- Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulneβ¦β31Updated 2 years ago
- β63Updated 2 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rulesβ39Updated 4 years ago
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).β122Updated last year
- A colorful cross-platform python script to test misconfigurations of AWS S3 buckets both through authenticated and unauthenticated checksβ¦β39Updated 3 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parametersβ63Updated last year
- Docs: Vulnerability management aggregation of AppSec & OpSec (Tools Listing)β30Updated last year
- A simple file-based scanner to look for potential AWS access and secret keys in filesβ91Updated last year
- This repo gives an overview of some GCP metadata API attack and defend patternsβ76Updated 5 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRFβ58Updated last year
- Security checks for http headers and cookiesβ24Updated 4 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parametersβ101Updated last year
- β90Updated 3 years ago
- β134Updated 2 years ago
- Burp Suite Importer - Connect to multiple web servers while populating the sitemap.β48Updated 4 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.β111Updated 6 years ago
- A list of "secrets" from JWT sample code and readme files.β54Updated 4 years ago
- AWS Security Checksβ37Updated 7 years ago
- Burp Extension for AWS Signingβ87Updated 2 months ago
- The Pixi module is a MEAN Stack web app with wildly insecure APIs!β123Updated 2 years ago
- Yet another open S3 bucket finderβ20Updated 7 years ago
- Salesforce object access auditorβ111Updated 2 years ago