DataDog / vulnerable-java-application
This repository contains a sample Java application vulnerable to command injection and server-side request forgery (SSRF).
☆12 · Updated 3 months ago
Related projects:
- A curated list of argument injection vectors ☆37 · Updated 3 weeks ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆19 · Updated last month
- An Evil OIDC Server ☆49 · Updated last year
- POC for CVE-2022-23648 ☆35 · Updated 2 years ago
- PoC for gaining persistency on vulnerable Lambdas ☆30 · Updated 3 years ago
- ☆13 · Updated 11 months ago
- An extension to use Semgrep inside Burp Suite. ☆86 · Updated last year
- Dependency Confusion Security Testing Tool ☆39 · Updated 2 years ago
- Argument Injection in Dragonfly Ruby Gem ☆16 · Updated 3 years ago
- Blogpost series showcasing interesting cloud - web app security bugs ☆44 · Updated last year
- Encode and Fuzz Custom Protobuf Messages in Burp Suite ☆30 · Updated last year
- Determine privileges from cloud credentials via brute-force testing. ☆63 · Updated 3 weeks ago
- ☆17 · Updated 2 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers ☆11 · Updated last year
- This script just implements a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server. ☆37 · Updated 2 years ago
- Enumerate AWS permissions and resources. ☆62 · Updated 2 years ago
- Some vulnerability research slides that I made ☆12 · Updated 2 years ago
- Utility for creating ZipSlip archives ☆66 · Updated last year
- ☆15 · Updated last year
- A collection of my Semgrep rules ☆46 · Updated last year
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF ☆57 · Updated last year
- ☆58 · Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆38 · Updated 9 months ago
- ☆159 · Updated 2 years ago
- GCP cloud security CTF ☆41 · Updated 6 months ago
- Simple PoC for demonstrating Race Conditions on Websockets ☆49 · Updated last year
- Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10 ☆14 · Updated last year
- ☆31 · Updated last year
- ☆31 · Updated last year
- Jenkins Security Research ☆10 · Updated last month