PortSwigger / ci-driven-scan-github-action
A GitHub Action that allows you to run a vulnerability scan.
☆15 Updated 2 years ago
Alternatives and similar repositories for ci-driven-scan-github-action
Users that are interested in ci-driven-scan-github-action are comparing it to the libraries listed below
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan. ☆181 Updated last month
- boostsecurityio/lotp ☆137 Updated last week
- Scanner to identify dangling DNS records and subdomain takeovers ☆49 Updated last year
- Scan your account for the use of untrusted AMIs ☆31 Updated 2 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ☆155 Updated last year
- Holds the public Hacking the Cloud CTFs. ☆63 Updated last year
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆40 Updated 4 years ago
- A tool to uncover undocumented APIs from the AWS Console. ☆116 Updated 9 months ago
- Scans your GitHub Actions for security issues ☆88 Updated this week
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆228 Updated 2 weeks ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security ☆191 Updated last year
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation ☆109 Updated last year
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments ☆141 Updated last year
- A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration ☆337 Updated last month
- An AWS metadata enumeration tool by Plerion ☆101 Updated last year
- Cloud agnostic IAM permissions enumerator ☆161 Updated 9 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆312 Updated last week
- Blogpost series showcasing interesting cloud - web app security bugs ☆49 Updated 2 years ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆106 Updated last year
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆141 Updated 3 months ago
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on. ☆106 Updated 2 years ago
- How GitHub Actions workflows can be hacked ☆176 Updated last year
- Secrets Ninja is a GUI tool for validating & investigating API keys discovered during pentesting & bug bounty hunting. ☆158 Updated 2 months ago
- ☆192 Updated 9 months ago
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file. ☆61 Updated last year
- PyCript Websocket is now merged into https://github.com/Anof-cyber/PyCript, this repo is not available anymore. ☆82 Updated last month
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w… ☆113 Updated last year
- Secret Magpie - Secret Detection Tool ☆246 Updated last year
- Tools to assess DNS security. ☆153 Updated last year
- Nuclei plugins to audit Chrome extensions ☆65 Updated last year