SirAppSec / bsides-shadow-api
This repository hosts several snippets and file related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me
☆18Updated 7 months ago
Alternatives and similar repositories for bsides-shadow-api:
Users that are interested in bsides-shadow-api are comparing it to the libraries listed below
- Blogpost series showcasing interesting cloud - web app security bugs☆47Updated last year
- Additional active scan checks for BURP☆26Updated 5 months ago
- Verizon Burp Extensions: AI Suite☆105Updated this week
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated 3 weeks ago
- ☆60Updated 3 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆40Updated last year
- ☆33Updated 3 months ago
- A collection of Turbo Intruder scripts.☆54Updated last month
- HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enab…☆39Updated 2 years ago
- ☆45Updated 9 months ago
- ☆48Updated last week
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆29Updated 2 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆102Updated last month
- A tool for quickly evaluating IAM permissions in AWS.☆57Updated last year
- A recon tool that uses ML to predict subdomains. Then returns those that resolve.☆54Updated last week
- Nuclei plugins to audit Chrome extensions☆64Updated 8 months ago
- Determine privileges from cloud credentials via brute-force testing.☆67Updated 7 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆46Updated 7 months ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year
- A comprehensive knowledge base for security professionals to keep track of and build defenses against API attack techniques.☆42Updated 6 months ago
- CoWitness is a powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to …☆124Updated 11 months ago
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆52Updated 6 months ago
- Use the GCP testIamPermissions functionality to bruteforce and discover your permissions☆29Updated 6 months ago
- A web security research tool for DOM testing☆19Updated last week
- ☆74Updated 8 months ago
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services …☆49Updated 2 years ago
- Simple PoC for demonstrating Race Conditions on Websockets☆56Updated last year
- This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response ma…☆79Updated last year
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆20Updated 2 months ago
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆108Updated 2 months ago