GitHubSecurityLab / ruby-unsafe-deserialization
Proof of Concepts for unsafe deserialization in Ruby
☆17Updated 5 months ago
Alternatives and similar repositories for ruby-unsafe-deserialization:
Users that are interested in ruby-unsafe-deserialization are comparing it to the libraries listed below
- ☆15Updated 3 years ago
- Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes☆31Updated 2 years ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆39Updated 3 months ago
- Prototype Pollution exploits collection☆32Updated 3 years ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆31Updated 2 weeks ago
- An extension to use Semgrep inside Burp Suite.☆88Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆22Updated 2 weeks ago
- A collection of utilities for building extensions using Burp's Montoya API☆47Updated 9 months ago
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated 11 months ago
- ☆70Updated 3 years ago
- Utility for creating ZipSlip archives☆71Updated 2 years ago
- Additional active scan checks for BURP☆26Updated 5 months ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆12Updated last year
- ☆94Updated 3 years ago
- Same Origin XSS challenge☆56Updated 2 years ago
- ☆13Updated 3 months ago
- ☆25Updated this week
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆52Updated 6 months ago
- ☆74Updated 5 months ago
- Make better use of the embedded browser that comes by default with Burp☆43Updated last year
- An intentionally-vulnerable application for demonstrating the hazards of SpEL expression composition☆27Updated 6 years ago
- A collection of utilities to simplify the creation of Burp Suite plugins☆22Updated last year
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- Dependency Confusion Security Testing Tool☆47Updated 2 years ago
- This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.☆37Updated 2 years ago
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆20Updated 6 months ago
- ☆32Updated 9 months ago
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆20Updated 2 months ago
- Chrome extension to detect possible xsleaks☆12Updated 5 years ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago