SonarSource / argument-injection-vectors
A curated list of argument injection vectors
☆40Updated 2 months ago
Alternatives and similar repositories for argument-injection-vectors:
Users that are interested in argument-injection-vectors are comparing it to the libraries listed below
- php7.4.26-internalog☆13Updated 2 years ago
- ☆16Updated last year
- Use the GCP testIamPermissions functionality to bruteforce and discover your permissions☆31Updated 6 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated 3 weeks ago
- ☆32Updated 2 years ago
- ☆61Updated 3 months ago
- ☆26Updated last week
- A PoC exploit for CVE-2022-41622 - a CSRF in F5 BIG-IP control plane that leads to remote root☆21Updated 2 years ago
- This repository offers insights and a proof-of-concept tool to exploit two significant deserialization vulnerabilities in Inductive Autom…☆43Updated last year
- Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool☆25Updated 3 years ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆39Updated 3 months ago
- Some vulnerability research slides that I made☆12Updated 3 years ago
- A collection of Semgrep rules which followed security guidelines for .NET and Java.☆21Updated 3 years ago
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆20Updated 2 months ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆26Updated last year
- An Evil OIDC Server☆53Updated 2 years ago
- an Evil Java RMI Registry.☆49Updated 2 years ago
- Utility for creating ZipSlip archives☆72Updated 2 years ago
- ☆114Updated last year
- Make better use of the embedded browser that comes by default with Burp☆43Updated last year
- HTTP Desync Attack☆28Updated 4 years ago
- My talks...☆24Updated last month
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆22Updated 5 months ago
- ☆9Updated 10 months ago
- Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1☆57Updated last year
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆84Updated 4 months ago
- 2022 CTF public release☆23Updated 2 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆12Updated last year
- Python code to Serialize and Unserialize java binary serialization format.☆19Updated last month
- POC for RCE vulnerability in ParseExcel library, and ParseXLSX too, as a depending library☆16Updated 6 months ago