SirAppSec / bsides-shadow-apiLinks
This repository hosts several snippets and file related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me
☆18Updated last year
Alternatives and similar repositories for bsides-shadow-api
Users that are interested in bsides-shadow-api are comparing it to the libraries listed below
Sorting:
- Nuclei plugins to audit Chrome extensions☆65Updated last year
- Additional active scan checks for BURP☆28Updated last year
- Prototype of Full Agentic Application Security Testing, FAAST = SAST + DAST + LLM agents☆67Updated 9 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆42Updated 2 years ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆30Updated 2 months ago
- ☆51Updated last year
- Simple PoC for demonstrating Race Conditions on Websockets☆55Updated 2 years ago
- Blogpost series showcasing interesting cloud - web app security bugs☆49Updated 2 years ago
- A collection of Turbo Intruder scripts.☆68Updated last year
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆109Updated last year
- ☆94Updated last month
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆36Updated 11 months ago
- Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report☆14Updated last year
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆106Updated last year
- A Burp Suite extension for analyzing Next.js Server Actions - server-side functions identified by hash IDs and `Next-Action` headers.☆43Updated 5 months ago
- A web security research tool for DOM testing☆24Updated this week
- ☆55Updated 2 years ago
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services …☆50Updated 2 years ago
- FrogPost: postMessage Security Testing Tool☆108Updated 2 months ago
- Verizon Burp Extensions: AI Suite☆142Updated 9 months ago
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆52Updated last year
- LLM Testing Findings Templates☆75Updated last year
- WhereToGo - is a list of popular services that might be used in organizations. By having an account of the user - you can try to find ent…☆128Updated 3 years ago
- Damn Vulnerable Browser Extension (DVBE), previously named as Badly Coded Browser Extension (BCBE), is an open-source vulnerable Chrome E…☆32Updated 11 months ago
- ☆114Updated 2 years ago
- Tool to query the RIPE database☆11Updated 8 months ago
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆27Updated last year
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆21Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆47Updated last year
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities☆32Updated 2 months ago