SonarSource / argument-injection-vectors

Related projects: ⓘ

• dillonfranke / protoburp
  Encode and Fuzz Custom Protobuf Messages in Burp Suite
  ☆30Updated last year
• elttam / rsu-cracker
  ☆31Updated last year
• AdnaneKhan / ActionsCacheBlasting
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆19Updated last month
• doyensec / oidc-ssrf
  An Evil OIDC Server
  ☆49Updated last year
• redrays-io / WS_RaceCondition_PoC
  Simple PoC for demonstrating Race Conditions on Websockets
  ☆49Updated last year
• rbowes-r7 / refreshing-soap-exploit
  A PoC exploit for CVE-2022-41622 - a CSRF in F5 BIG-IP control plane that leads to remote root
  ☆21Updated last year
• doyensec / CVE-2022-39299_PoC_Generator
  A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-sam…
  ☆17Updated last year
• usdAG / slipit
  Utility for creating ZipSlip archives
  ☆66Updated last year
• doyensec / confuser
  Dependency Confusion Security Testing Tool
  ☆39Updated 2 years ago
• intruder-io / rebind-server
  A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers
  ☆11Updated last year
• federicodotta / semgrep-rules
  A collection of my Semgrep rules
  ☆46Updated last year
• gand3lf / semgrepper
  An extension to use Semgrep inside Burp Suite.
  ☆86Updated last year
• carlospolop / DistrolessRCE
  ☆15Updated last year
• rs-loves-bugs / burp-browser-profiles
  Make better use of the embedded browser that comes by default with Burp
  ☆38Updated 8 months ago
• DataDog / vulnerable-java-application
  This repository contains a sample Java application vulnerable to command injection and server-side request forgery (SSRF).
  ☆12Updated 3 months ago
• elttam / plormber
  ☆11Updated 2 months ago
• security-prince / Browser-Security-Research
  Resources for Browser Security Research
  ☆21Updated 2 years ago
• riramar / h2csmuggler-proxy
  This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.
  ☆37Updated 2 years ago
• BishopFox / ysoserial-bf
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆19Updated 7 months ago
• akabe1 / akabe1-semgrep-rules
  My collection of Semgrep rules for vulnerability detection on source code (swift, java)
  ☆30Updated 6 months ago
• emptynebuli / dauthi
  dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-facto…
  ☆34Updated 4 months ago
• synacktiv / gh-hijack-runner
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆12Updated last month
• TheGrandPew / Sanity
  ☆14Updated 3 years ago
• CoreyD97 / Burp-Montoya-Utilities
  A collection of utilities for building extensions using Burp's Montoya API
  ☆46Updated 2 months ago
• k3idii / Deserek
  Python code to Serialize and Unserialize java binary serialization format.
  ☆16Updated 9 months ago
• angelystor / potato-academy
  Some vulnerability research slides that I made
  ☆12Updated 2 years ago
• ambionics / scalpel
  Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.
  ☆51Updated 3 months ago
• Hakumarachi / WriteUp
  CTF challenges WriteUp
  ☆14Updated 2 years ago
• AnubisSec / GroovyWaiter
  ☆17Updated 2 years ago
• hakivvi / ermir
  an Evil Java RMI Registry.
  ☆44Updated last year