SonarSource / argument-injection-vectors
A curated list of argument injection vectors
☆37Updated 3 weeks ago
Related projects: ⓘ
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated last year
- ☆31Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆19Updated last month
- An Evil OIDC Server☆49Updated last year
- Simple PoC for demonstrating Race Conditions on Websockets☆49Updated last year
- A PoC exploit for CVE-2022-41622 - a CSRF in F5 BIG-IP control plane that leads to remote root☆21Updated last year
- A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-sam…☆17Updated last year
- Utility for creating ZipSlip archives☆66Updated last year
- Dependency Confusion Security Testing Tool☆39Updated 2 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆11Updated last year
- A collection of my Semgrep rules☆46Updated last year
- An extension to use Semgrep inside Burp Suite.☆86Updated last year
- ☆15Updated last year
- Make better use of the embedded browser that comes by default with Burp☆38Updated 8 months ago
- This repository contains a sample Java application vulnerable to command injection and server-side request forgery (SSRF).☆12Updated 3 months ago
- ☆11Updated 2 months ago
- Resources for Browser Security Research☆21Updated 2 years ago
- This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.☆37Updated 2 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆19Updated 7 months ago
- My collection of Semgrep rules for vulnerability detection on source code (swift, java)☆30Updated 6 months ago
- dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-facto…☆34Updated 4 months ago
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆12Updated last month
- ☆14Updated 3 years ago
- A collection of utilities for building extensions using Burp's Montoya API☆46Updated 2 months ago
- Python code to Serialize and Unserialize java binary serialization format.☆16Updated 9 months ago
- Some vulnerability research slides that I made☆12Updated 2 years ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.☆51Updated 3 months ago
- CTF challenges WriteUp☆14Updated 2 years ago
- ☆17Updated 2 years ago
- an Evil Java RMI Registry.☆44Updated last year