boostsecurityio / lotp
boostsecurityio/lotp
☆100Updated 7 months ago
Related projects ⓘ
Alternatives and complementary repositories for lotp
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆110Updated last year
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆129Updated last year
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆251Updated 2 weeks ago
- HASH (HTTP Agnostic Software Honeypot)☆128Updated 6 months ago
- ☆109Updated last year
- ☆151Updated 2 months ago
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆100Updated 8 months ago
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files☆196Updated last month
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆97Updated 9 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆39Updated 2 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆39Updated 10 months ago
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK…☆161Updated last month
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆165Updated this week
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.☆92Updated 11 months ago
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆82Updated last month
- Nuclei plugins to audit Chrome extensions☆64Updated 3 months ago
- Protect against subdomain takeover☆92Updated 5 months ago
- Manager of third-party sources of Semgrep rules 🗂☆76Updated 3 months ago
- ☆166Updated last month
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆206Updated 2 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆82Updated 9 months ago
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆48Updated 8 months ago
- An LLM and OCR based Indicator of Compromise Extraction Tool☆30Updated 7 months ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆34Updated last month
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 2 months ago
- ☆115Updated last year
- Blogpost series showcasing interesting cloud - web app security bugs☆45Updated last year
- A tool to uncover undocumented APIs from the AWS Console.☆80Updated last month
- This application was built to help reduce the amount of time it takes to review AWS Lambda code.☆60Updated 4 months ago