A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
☆226May 9, 2024Updated last year
Alternatives and similar repositories for fuzz-lightyear
Users that are interested in fuzz-lightyear are comparing it to the libraries listed below
Sorting:
- RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security…☆2,868Feb 13, 2026Updated 2 weeks ago
- OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.☆110Dec 6, 2022Updated 3 years ago
- Send notifications on different channels such as Slack, Telegram, Discord etc.☆39Jan 12, 2026Updated last month
- Fuzz test your application using your OpenAPI or Swagger API definition without coding☆466Mar 6, 2025Updated 11 months ago
- A very vulnerable implementation of a GraphQL API.☆61Nov 12, 2021Updated 4 years ago
- ☆57Jun 17, 2020Updated 5 years ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Mar 9, 2025Updated 11 months ago
- Search exposed EBS volumes for secrets☆302Apr 24, 2023Updated 2 years ago
- ☆69Jul 18, 2025Updated 7 months ago
- Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volum…☆14Sep 18, 2020Updated 5 years ago
- A very vulnerable implementation of a GraphQL API.☆17Feb 12, 2026Updated 2 weeks ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆76Jul 15, 2021Updated 4 years ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,737Feb 16, 2026Updated 2 weeks ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆104Feb 11, 2019Updated 7 years ago
- Website for a Django-based Web Security Tutorial☆14Sep 22, 2019Updated 6 years ago
- OpenCSPM Community Controls☆14May 18, 2021Updated 4 years ago
- Short deep dive into Threat Hunting on AWS☆17Oct 15, 2023Updated 2 years ago
- Scripts to help with different ffuf tasks and workflows☆223Dec 24, 2023Updated 2 years ago
- Tool for CVE-2018-16323☆82Jan 17, 2019Updated 7 years ago
- goSDL☆522Nov 3, 2025Updated 4 months ago
- Dashboard/API + DNS/HTTP Servers to identify Out of Band Resolution in Payloads☆38Jun 10, 2021Updated 4 years ago
- Piper Burp Suite Extender plugin☆129Jan 14, 2026Updated last month
- This repo gives an overview of some GCP metadata API attack and defend patterns☆79Mar 23, 2020Updated 5 years ago
- Research on GraphQL from an AppSec point of view.☆418May 24, 2023Updated 2 years ago
- Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM☆180May 19, 2025Updated 9 months ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆356Oct 14, 2020Updated 5 years ago
- A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.☆558Mar 6, 2023Updated 2 years ago
- A Security Scanner for Go☆26Feb 11, 2019Updated 7 years ago
- A file system that mutates files☆14Jul 20, 2020Updated 5 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This …☆63Jan 17, 2022Updated 4 years ago
- Cloudformation Template and Lambda to detect if Instance Profile credentials are being used outside your AWS Account.☆29Aug 18, 2019Updated 6 years ago
- REST/JSON API to the Burp Suite security tool.☆563Jul 14, 2025Updated 7 months ago
- A highly configurable Framework for easy automated web scanning☆381Jul 13, 2020Updated 5 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- A simple SSRF-testing sheriff written in Go☆336Oct 31, 2024Updated last year
- Monitoring GitHub for sensitive data shared publicly☆65Dec 20, 2021Updated 4 years ago
- A tool to list the SSH clone URLs for all GitHub repos for a given user☆14Feb 7, 2016Updated 10 years ago
- Coverage-guided, in-process fuzzing for the JVM☆1,199Updated this week
- DOM XSS scanner for Single Page Applications☆415Nov 15, 2025Updated 3 months ago