GitHubSecurityLab / ruby-unsafe-deserialization
Proof of Concepts for unsafe deserialization in Ruby
☆17Updated 4 months ago
Alternatives and similar repositories for ruby-unsafe-deserialization:
Users that are interested in ruby-unsafe-deserialization are comparing it to the libraries listed below
- ☆15Updated 3 years ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆38Updated 2 months ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆12Updated last year
- Prototype Pollution exploits collection☆32Updated 3 years ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆45Updated last year
- An extension to use Semgrep inside Burp Suite.☆88Updated last year
- ☆70Updated 3 years ago
- Dependency Confusion Security Testing Tool☆47Updated 2 years ago
- A collection of utilities for building extensions using Burp's Montoya API☆47Updated 8 months ago
- Same Origin XSS challenge☆56Updated 2 years ago
- Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes☆31Updated 2 years ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆22Updated this week
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆20Updated 6 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆31Updated last week
- Utility for creating ZipSlip archives☆70Updated 2 years ago
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆51Updated 6 months ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago
- Chrome extension to detect possible xsleaks☆12Updated 5 years ago
- ☆94Updated 3 years ago
- A collection of my Semgrep rules☆48Updated last year
- An intentionally-vulnerable application for demonstrating the hazards of SpEL expression composition☆27Updated 6 years ago
- Collection of quirky behaviours of code and the CTF challenges that I made around them.☆27Updated 4 years ago
- Awesome MXSS ??☆48Updated 5 months ago
- tetctf2020_amf_writeups☆23Updated 4 years ago
- ☆56Updated 3 years ago
- This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.☆37Updated 2 years ago
- Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.☆67Updated 3 years ago
- This is the data that powers the PortSwigger URL validation bypass cheat sheet.☆39Updated this week
- A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-sam…☆18Updated 2 years ago