Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
☆75Jan 21, 2024Updated 2 years ago
Alternatives and similar repositories for silent-spring
Users that are interested in silent-spring are comparing it to the libraries listed below
Sorting:
- A collection of Server-Side Prototype Pollution gadgets and exploits☆225Feb 6, 2025Updated last year
- linux ebpf backdoor demo☆12Nov 20, 2024Updated last year
- PoC☆12Apr 7, 2025Updated 11 months ago
- recon.cloud is website that scans AWS, Azure and GCP public cloud footprint this GO tool only utilize its API for getting result to termi…☆25Feb 11, 2023Updated 3 years ago
- ☆30Aug 30, 2022Updated 3 years ago
- DNS Tunneling as net.Conn☆16Dec 22, 2024Updated last year
- ☆46Jan 2, 2022Updated 4 years ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆57Oct 25, 2023Updated 2 years ago
- Companion repository of the "Dancer in the Dark" paper.☆20Jul 13, 2024Updated last year
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆48Aug 31, 2025Updated 6 months ago
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆165Jan 29, 2024Updated 2 years ago
- ☆17May 29, 2018Updated 7 years ago
- Tools for Attacking Pleasant Password Server☆22Sep 19, 2023Updated 2 years ago
- Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a …☆40Aug 8, 2022Updated 3 years ago
- ☆22Nov 3, 2022Updated 3 years ago
- kill AV/EDR☆21Jun 9, 2023Updated 2 years ago
- Challenges I wrote for various CTF competitions☆44Jul 21, 2024Updated last year
- ☆74Jun 17, 2025Updated 8 months ago
- Exploit for CVE-2024-0402 in Gitlab☆15Mar 18, 2025Updated 11 months ago
- ☆16Feb 27, 2026Updated last week
- ☆10Sep 25, 2024Updated last year
- Shellcode execution via x86 inline assembly based on MSVC syntax☆17Apr 26, 2023Updated 2 years ago
- ☆11Mar 5, 2023Updated 3 years ago
- Pentest Q&A trick written in Vietnamese☆11May 16, 2019Updated 6 years ago
- A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …☆14Oct 21, 2024Updated last year
- pwn envs based on docker of ubuntu16.04,18.04,20.04☆10Dec 4, 2022Updated 3 years ago
- TC39 proposal for mitigating prototype pollution☆52Aug 29, 2023Updated 2 years ago
- ☆32May 1, 2025Updated 10 months ago
- My security presentations☆29Aug 21, 2023Updated 2 years ago
- ☆20Jan 19, 2026Updated last month
- 云原生安全漏洞收集☆18Jul 9, 2025Updated 7 months ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆34Feb 9, 2024Updated 2 years ago
- 一些Java RASP demo☆11Sep 26, 2019Updated 6 years ago
- php decrypt environment for study☆17Jan 10, 2024Updated 2 years ago
- 通过 ebpf(bcc) 在 TCP 包中插入 TOA,实现任意 TOA 伪造☆28Dec 12, 2023Updated 2 years ago
- Artifact for ICSE 2023☆50Sep 24, 2022Updated 3 years ago
- Auto-generated CodeQL rules for matching CVE vulnerabilities and variants.☆185Sep 19, 2024Updated last year
- A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications☆63Jan 29, 2021Updated 5 years ago
- CodeQL extractor for java, which don't need to compile java source☆348Nov 25, 2022Updated 3 years ago