SirAppSec / bsides-shadow-apiLinks
This repository hosts several snippets and file related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me
☆18Updated 11 months ago
Alternatives and similar repositories for bsides-shadow-api
Users that are interested in bsides-shadow-api are comparing it to the libraries listed below
Sorting:
- Additional active scan checks for BURP☆28Updated 10 months ago
- Nuclei plugins to audit Chrome extensions☆65Updated last year
- A collection of Turbo Intruder scripts.☆63Updated 6 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆42Updated last year
- Prototype of Full Agentic Application Security Testing, FAAST = SAST + DAST + LLM agents☆61Updated 3 months ago
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆108Updated last year
- Blogpost series showcasing interesting cloud - web app security bugs☆49Updated 2 years ago
- Simple PoC for demonstrating Race Conditions on Websockets☆55Updated last year
- ☆71Updated 3 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆32Updated 5 months ago
- ☆50Updated last year
- Verizon Burp Extensions: AI Suite☆132Updated 3 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆105Updated 6 months ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆30Updated 6 months ago
- FrogPost: postMessage Security Testing Tool☆92Updated 2 months ago
- A web security research tool for DOM testing☆21Updated this week
- HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enab…☆40Updated 3 years ago
- Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report☆13Updated 5 months ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆162Updated 2 weeks ago
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆24Updated 9 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆47Updated 11 months ago
- Burp Suite extension for testing Passkey systems.☆71Updated 4 months ago
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆52Updated 10 months ago
- The Arcanum Prompt Injection Taxonomy☆130Updated 2 months ago
- LLM Testing Findings Templates☆72Updated last year
- 📚A curated list of product security resources.☆20Updated last month
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.☆33Updated 2 years ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆133Updated 4 months ago
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆130Updated 4 months ago
- Tool to query the RIPE database☆11Updated 2 months ago