SonarSource / argument-injection-vectors
A curated list of argument injection vectors
☆40Updated 2 months ago
Alternatives and similar repositories for argument-injection-vectors:
Users that are interested in argument-injection-vectors are comparing it to the libraries listed below
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆40Updated 4 months ago
- ☆32Updated 2 years ago
- ☆62Updated 4 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated last month
- Utility for creating ZipSlip archives☆72Updated 2 years ago
- ☆23Updated 2 months ago
- An extension to use Semgrep inside Burp Suite.☆88Updated last year
- An Evil OIDC Server☆53Updated 2 years ago
- This repository offers insights and a proof-of-concept tool to exploit two significant deserialization vulnerabilities in Inductive Autom…☆44Updated last year
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆45Updated last year
- php7.4.26-internalog☆13Updated 2 years ago
- A PoC exploit for CVE-2022-41622 - a CSRF in F5 BIG-IP control plane that leads to remote root☆21Updated 2 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆12Updated last year
- Simple WebSocket fuzzer☆32Updated last year
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated last year
- Python code to Serialize and Unserialize java binary serialization format.☆20Updated 2 months ago
- Proof of Concepts for unsafe deserialization in Ruby☆17Updated 6 months ago
- Dependency Confusion Security Testing Tool☆47Updated 2 years ago
- an Evil Java RMI Registry.☆49Updated 2 years ago
- Blogpost series showcasing interesting cloud - web app security bugs☆47Updated last year
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆20Updated 3 months ago
- A list of weird comparison in SQL☆14Updated 2 years ago
- This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.☆37Updated 2 years ago
- Ansible build for Afl++ Frida-Mode☆23Updated 10 months ago
- Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool☆25Updated 3 years ago
- A collection of utilities for building extensions using Burp's Montoya API☆50Updated 10 months ago
- apkfram was written in order to help any mobile penetration testers to identify the Framework used to develop the Android application.☆10Updated 6 months ago
- Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1☆57Updated last year
- A collection of my Semgrep rules☆49Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆22Updated last month