SirAppSec / bsides-shadow-api

Related projects ⓘ

Alternatives and complementary repositories for bsides-shadow-api

• doyensec / cloudsec-tidbits
  Blogpost series showcasing interesting cloud - web app security bugs
  ☆46Updated last year
• stafordtituss / HazProne
  HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enab…
  ☆39Updated 2 years ago
• hac01 / gcp-iam-brute
  ☆40Updated 5 months ago
• AdnaneKhan / ActionsCacheBlasting
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆22Updated 3 months ago
• carlospolop / Cloudtrail2IAM
  ☆16Updated last year
• carlospolop / aws_iam_review
  ☆31Updated last week
• redrays-io / WS_RaceCondition_PoC
  Simple PoC for demonstrating Race Conditions on Websockets
  ☆56Updated last year
• dillonfranke / protoburp
  Encode and Fuzz Custom Protobuf Messages in Burp Suite
  ☆30Updated last year
• JOSHUAJEBARAJ / GCP-GOAT
  GCP GOAT is the vulnerable application for learn the GCP Security
  ☆62Updated last year
• offensive-actions / azure-storage-reverse-shell
  This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
  ☆36Updated last month
• zer1t0 / awsenum
  Enumerate AWS permissions and resources.
  ☆64Updated 2 years ago
• RichardoC / gitlab-secrets
  This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…
  ☆39Updated 3 months ago
• Outpost24 / outpost24-cors-check
  Additional active scan checks for BURP
  ☆20Updated last month
• righettod / log4shell-analysis
  Contains all my research and content produced regarding the log4shell vulnerability
  ☆32Updated 2 years ago
• dagheyman / awesome-product-security
  📚A curated list of product security resources.
  ☆18Updated 2 years ago
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆39Updated 11 months ago
• dsecuredcom / yataf
  yataf extracts secrets and paths from files or urls - its best used against javascript files
  ☆51Updated 2 months ago
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆64Updated 2 months ago
• AdnaneKhan / ActionsTOCTOU
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆22Updated 4 months ago
• yousseflahouifi / moniorg
  moniorg is a tool that leverages crt.sh website to monitor domains of a target
  ☆47Updated last year
• lacioffi / GCP-pentest-lab
  A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities
  ☆25Updated 4 months ago
• nullenc0de / ChromeAudit
  Nuclei plugins to audit Chrome extensions
  ☆64Updated 4 months ago
• Tedixx / ripey
  Tool to query the RIPE database
  ☆11Updated 4 months ago
• NodyHub / zipslipper
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆45Updated 2 months ago
• ghostsecurity / waf-btk
  WAF bypass PoC
  ☆43Updated last year
• padok-team / cognito-scanner
  A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation
  ☆100Updated 9 months ago
• Macmod / goblob
  A fast enumeration tool for publicly exposed Azure Storage blobs.
  ☆78Updated last year
• PortSwigger / paramalyzer
  Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
  ☆29Updated 2 years ago
• vitorfhc / gecko
  Chrome extension for automating CSPT discovery
  ☆49Updated last month
• doyensec / CSPTPlayground
  CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
  ☆84Updated last month