DataDog/security-labs-pocs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

DataDog/security-labs-pocs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/DataDog/security-labs-pocs)

Close

DataDog / security-labs-pocsView on GitHubMore

• External links
• Readme badge

Proof of concept code for Datadog Security Labs referenced exploits.

☆449Feb 13, 2026Updated 2 weeks ago

Alternatives and similar repositories for security-labs-pocs

Users that are interested in security-labs-pocs are comparing it to the libraries listed below

• notkmhn / CVE-2022-21449-TLS-PoC

  View on GitHub
  CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server
  ☆123Apr 21, 2022Updated 3 years ago
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,267Updated this week
• defparam / haptyc

  View on GitHub
  ☆95Sep 18, 2021Updated 4 years ago
• httpvoid / writeups

  View on GitHub
  ☆1,200Sep 2, 2022Updated 3 years ago
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆338Feb 13, 2026Updated 2 weeks ago
• stephenbradshaw / aws_url_signer

  View on GitHub
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆59Sep 20, 2023Updated 2 years ago
• akabe1 / OAUTHScan

  View on GitHub
  Burp Suite Extension useful to verify OAUTHv2 and OpenID security
  ☆175Oct 26, 2024Updated last year
• riramar / h2rs

  View on GitHub
  Detects request smuggling via HTTP/2 downgrades.
  ☆94Jul 30, 2022Updated 3 years ago
• mandiant / route-sixty-sink

  View on GitHub
  Link sources to sinks in C# applications.
  ☆150Apr 10, 2023Updated 2 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆613Mar 4, 2021Updated 5 years ago
• Puliczek / awesome-list-of-secrets-in-environment-variables

  View on GitHub
  🦄🔒 Awesome list of secrets in environment variables 🖥️
  ☆902Sep 21, 2022Updated 3 years ago
• mllamazares / STRIDE-vs-ASVS

  View on GitHub
  🖇️ equivalence table between OWASP ASVS standard and STRIDE threat modeling methodology.
  ☆76Aug 22, 2024Updated last year
• SummitRoute / csp_security_mistakes

  View on GitHub
  This repo has been replaced by https://www.cloudvulndb.org
  ☆726Jun 29, 2022Updated 3 years ago
• blackberry / Falco-bypasses

  View on GitHub
  Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).
  ☆88Jan 28, 2024Updated 2 years ago
• BishopFox / cloudfox

  View on GitHub
  Automating situational awareness for cloud penetration tests.
  ☆2,299Updated this week
• cyberark / kubesploit

  View on GitHub
  Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized en…
  ☆1,215Feb 3, 2025Updated last year
• rootsecdev / Azure-Red-Team

  View on GitHub
  Azure Security Resources and Notes
  ☆1,713Feb 17, 2026Updated 2 weeks ago
• doyensec / oidc-ssrf

  View on GitHub
  An Evil OIDC Server
  ☆53Oct 19, 2022Updated 3 years ago
• synacktiv / mojarragadget

  View on GitHub
  ☆15Oct 25, 2021Updated 4 years ago
• hahwul / authz0

  View on GitHub
  🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
  ☆427Feb 20, 2026Updated last week
• hakluke / hakoriginfinder

  View on GitHub
  Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
  ☆978Jan 12, 2024Updated 2 years ago
• krisnova / kush

  View on GitHub
  Kubernetes Unhinged Shell 😎
  ☆46Oct 8, 2022Updated 3 years ago
• assetnote / blind-ssrf-chains

  View on GitHub
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆953Dec 31, 2021Updated 4 years ago
• dirkjanm / ROADtools

  View on GitHub
  A collection of Azure AD/Entra tools for offensive and defensive security purposes
  ☆2,530Feb 5, 2026Updated last month
• doyensec / inql

  View on GitHub
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
  ☆1,737Feb 16, 2026Updated 2 weeks ago
• jhaddix / awsScrape

  View on GitHub
  A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.
  ☆239Jan 10, 2024Updated 2 years ago
• neex / http2smugl

  View on GitHub
  ☆562Mar 27, 2025Updated 11 months ago
• sbasu7241 / AWS-Threat-Simulation-and-Detection

  View on GitHub
  Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic
  ☆308Jan 6, 2023Updated 3 years ago
• punk-security / smbeagle

  View on GitHub
  SMBeagle - Fileshare auditing tool.
  ☆744Nov 4, 2025Updated 4 months ago
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆78Mar 9, 2025Updated 11 months ago
• RhinoSecurityLabs / pacu

  View on GitHub
  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  ☆5,073Feb 24, 2026Updated last week
• DataDog / dirtypipe-container-breakout-poc

  View on GitHub
  Container Excape PoC for CVE-2022-0847 "DirtyPipe"
  ☆78Apr 20, 2022Updated 3 years ago
• pimps / JNDI-Exploit-Kit

  View on GitHub
  JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP S…
  ☆936Sep 2, 2025Updated 6 months ago
• assetnote / exploits

  View on GitHub
  Repository to store exploits created by Assetnotes Security Research team
  ☆181Nov 7, 2023Updated 2 years ago
• inguardians / peirates

  View on GitHub
  Peirates - Kubernetes Penetration Testing tool
  ☆1,424Jan 20, 2026Updated last month
• akamai / akamai-security-research

  View on GitHub
  This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
  ☆524Jun 10, 2025Updated 8 months ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,589Jan 27, 2024Updated 2 years ago
• visma-prodsec / confused

  View on GitHub
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆778Aug 19, 2024Updated last year
• doyensec / PESD-Exporter-Extension

  View on GitHub
  PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams
  ☆107Jan 30, 2025Updated last year