Contrast-Security-OSS / vulnerable-spring-boot-application

Related projects: ⓘ

• kiview / damn-vulnerable-spring-boot-app
  Spring-Boot app for demonstrating security vulnaribilities
  ☆13Updated 5 years ago
• NotSoSecure / cloud-sec-wiki
  Jekyll Files for cloudsecwiki.com
  ☆49Updated 3 years ago
• righettod / log-requests-to-sqlite
  BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
  ☆61Updated last month
• secdec / astam-correlator
  Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple…
  ☆23Updated last year
• pwntester / XStreamServer
  RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler
  ☆20Updated 10 years ago
• augustd / burp-suite-software-version-checks
  Burp extension to passively scan for applications revealing software version numbers
  ☆30Updated 3 months ago
• GDSSecurity / JSSE_Fortify_SCA_Rules
  Custom Fortify SCA rules to detect common JSSE certification validation flaws
  ☆11Updated 8 years ago
• augustd / burp-suite-error-message-checks
  Burp Suite extension to passively scan for applications revealing server error messages
  ☆64Updated 9 months ago
• mpgn / CVE-2019-9580
  CVE-2019-9580 - StackStorm: exploiting CORS misconfiguration (null origin) to gain RCE
  ☆32Updated 5 years ago
• lanmaster53 / cef
  Proof-of-concept CORS exploitation tool.
  ☆34Updated 5 years ago
• jtmelton / camas
  A zero-dependency tool for finding secrets in directories
  ☆10Updated 3 years ago
• we45 / Serverless-Workshop
  Serverless Workshop
  ☆16Updated last year
• PortSwigger / java-deserialization-scanner
  All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
  ☆26Updated 2 years ago
• OpenSecuritySummit / oss2019
  Open Security Summit 2019
  ☆24Updated 3 years ago
• PortSwigger / flow
  Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
  ☆24Updated 2 years ago
• Morningstar / GoASQ
  General Open Architecture Security Questionnaire
  ☆30Updated last year
• PortSwigger / taborator
  A Burp extension to show the Collaborator client in a tab
  ☆36Updated last year
• cxai / Checkmarx-PowerTools
  A collection of various scripts and automations to simplify Checkmarx SAST and IAST setup and use
  ☆14Updated 6 years ago
• ah8r / csrf
  CSRF Scanner Extension for Burp Suite Pro
  ☆19Updated 6 years ago
• smiegles / certs
  Parse X509 certificates to get the (sub)domains in it.
  ☆28Updated 6 years ago
• fbogner / race2rce
  A PoC that shows that Web Vulnerabilities can indeed be interesting
  ☆19Updated 6 years ago
• ropnop / pentest_charts
  Some helpful Helm Charts for pentesters
  ☆38Updated 5 years ago
• secdec / pen-test-automation
  A framework for automating penetration testing using a plugin based architecture
  ☆34Updated 2 years ago
• omarkurt / cve-2014-0130
  cve-2014-0130 rails directory traversal vuln
  ☆18Updated 7 years ago
• jackj07 / Response-Pattern-Matcher
  Adds extensibility to Burp by using a list of payloads to pattern match on HTTP responses highlighting interesting and potentially vulner…
  ☆15Updated last year
• irsl / jackson-rce-via-spel
  An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
  ☆121Updated 6 years ago
• tls-attacker / TLS-Attacker-BurpExtension
  ☆35Updated 4 years ago
• marco-lancini / docker_burp
  Burp as a Docker Container
  ☆59Updated 4 years ago
• OWASP / TimeGap-Theory
  An auto-scoring capture-the-flag game focusing on TOCTOU vulnerabilities
  ☆18Updated 3 years ago
• wuntee / BurpAuthzPlugin
  ☆75Updated 11 years ago