Alternatives and similar repositories for bsides-shadow-api

Users that are interested in bsides-shadow-api are comparing it to the libraries listed below

• doyensec / cloudsec-tidbits
  Blogpost series showcasing interesting cloud - web app security bugs
  ☆49Updated 2 years ago
• Outpost24 / outpost24-cors-check
  Additional active scan checks for BURP
  ☆27Updated 8 months ago
• Tib3rius / Turbo-Intruder-Scripts
  A collection of Turbo Intruder scripts.
  ☆60Updated 4 months ago
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆41Updated last year
• synacktiv / DepFuzzer
  ☆64Updated last month
• stafordtituss / HazProne
  HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enab…
  ☆39Updated 2 years ago
• Verizon / verizon_burp_extensions_ai
  Verizon Burp Extensions: AI Suite
  ☆131Updated 2 months ago
• nullenc0de / ChromeAudit
  Nuclei plugins to audit Chrome extensions
  ☆64Updated 11 months ago
• carlospolop / aws_iam_review
  ☆35Updated 2 months ago
• synacktiv / gh-hijack-runner
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆23Updated 8 months ago
• JeffJerseyCow / eviloauth
  OAuth 2.0 exploitation, attack and research tools.
  ☆12Updated last year
• lacioffi / GCP-pentest-lab
  A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities
  ☆27Updated 2 months ago
• mosesrenegade / PMapper
  A tool for quickly evaluating IAM permissions in AWS.
  ☆57Updated last year
• Hipapheralkus / AIAIAI
  An Incredibly Annoying, Insufferable Authentication Implementation
  ☆31Updated last year
• righettod / log4shell-analysis
  Contains all my research and content produced regarding the log4shell vulnerability
  ☆31Updated 3 years ago
• Macmod / STARS
  A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services …
  ☆49Updated 2 years ago
• carlospolop / Cloudtrail2IAM
  ☆22Updated 2 years ago
• stephenbradshaw / aws_url_signer
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆58Updated last year
• Tib3rius / Copier
  A Burp extension to help pentesters copy requests / responses for reports.
  ☆38Updated 2 weeks ago
• yacwagh / FAAST
  Prototype of Full Agentic Application Security Testing, FAAST = SAST + DAST + LLM agents
  ☆49Updated last month
• Slayer0x / Cloud-Detective
  Cloud subdomains identification tool
  ☆59Updated 2 months ago
• dsecuredcom / yataf
  yataf extracts secrets and paths from files or urls - its best used against javascript files
  ☆52Updated 9 months ago
• intrudir / burpcollaborator-docker
  A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…
  ☆30Updated 5 months ago
• GangGreenTemperTatum / DOMspy
  A web security research tool for DOM testing
  ☆21Updated this week
• Tedixx / ripey
  Tool to query the RIPE database
  ☆11Updated 3 weeks ago
• CoreyD97 / Burp-Montoya-Utilities
  A collection of utilities for building extensions using Burp's Montoya API
  ☆50Updated last year
• MorDavid / ExternalAttacker-MCP
  A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.
  ☆40Updated 2 months ago
• dillonfranke / protoburp
  Encode and Fuzz Custom Protobuf Messages in Burp Suite
  ☆32Updated 3 months ago
• AdnaneKhan / ActionsCacheBlasting
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Updated 3 months ago
• hac01 / gcp-iam-brute
  ☆47Updated last year