DataDog / vulnerable-java-application

Related projects: ⓘ

• SonarSource / argument-injection-vectors
  A curated list of argument injection vectors
  ☆37Updated 3 weeks ago
• AdnaneKhan / ActionsCacheBlasting
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆19Updated last month
• doyensec / oidc-ssrf
  An Evil OIDC Server
  ☆49Updated last year
• raesene / CVE-2022-23648-POC
  POC for CVE-2022-23648
  ☆35Updated 2 years ago
• twistlock / lambda-persistency-poc
  PoC for gaining persistency on vulnerable Lambdas
  ☆30Updated 3 years ago
• simondotsh / nsec2023-ctf-aws
  ☆13Updated 11 months ago
• gand3lf / semgrepper
  An extension to use Semgrep inside Burp Suite.
  ☆86Updated last year
• doyensec / confuser
  Dependency Confusion Security Testing Tool
  ☆39Updated 2 years ago
• mlr0p / CVE-2021-33564
  Argument Injection in Dragonfly Ruby Gem
  ☆16Updated 3 years ago
• doyensec / cloudsec-tidbits
  Blogpost series showcasing interesting cloud - web app security bugs
  ☆44Updated last year
• dillonfranke / protoburp
  Encode and Fuzz Custom Protobuf Messages in Burp Suite
  ☆30Updated last year
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆63Updated 3 weeks ago
• AnubisSec / GroovyWaiter
  ☆17Updated 2 years ago
• intruder-io / rebind-server
  A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers
  ☆11Updated last year
• riramar / h2csmuggler-proxy
  This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.
  ☆37Updated 2 years ago
• zer1t0 / awsenum
  Enumerate AWS permissions and resources.
  ☆62Updated 2 years ago
• angelystor / potato-academy
  Some vulnerability research slides that I made
  ☆12Updated 2 years ago
• usdAG / slipit
  Utility for creating ZipSlip archives
  ☆66Updated last year
• carlospolop / Cloudtrail2IAM
  ☆15Updated last year
• federicodotta / semgrep-rules
  A collection of my Semgrep rules
  ☆46Updated last year
• stephenbradshaw / aws_url_signer
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆57Updated last year
• nccgroup / cowcloud
  ☆58Updated last year
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆38Updated 9 months ago
• neex / ghostinthepdf
  ☆159Updated 2 years ago
• NicholasSpringer / thunder-ctf
  GCP cloud security CTF
  ☆41Updated 6 months ago
• redrays-io / WS_RaceCondition_PoC
  Simple PoC for demonstrating Race Conditions on Websockets
  ☆49Updated last year
• JacobEbben / CVE-2022-24716
  Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10
  ☆14Updated last year
• raesene / k8s_ssrf_portscanner
  ☆31Updated last year
• elttam / rsu-cracker
  ☆31Updated last year
• dibsy / Recipies-Of-A-Jenkins-Hacker
  Jenkins Security Research
  ☆10Updated last month