chrisallenlane / drek
A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
☆140Updated 8 months ago
Alternatives and similar repositories for drek:
Users that are interested in drek are comparing it to the libraries listed below
- Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website☆138Updated 4 years ago
- A More or less Random Collection of Scripts for security Testing.☆65Updated 2 years ago
- Testing/collecting some container breakouts☆93Updated 5 years ago
- Code Review Audit Script Scanner☆140Updated last year
- burpbuddy exposes Burp Suites's extender API over the network through various mediums, with the goal of enabling development in any langu…☆157Updated 6 years ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆102Updated 6 years ago
- A Burp Plugin for Detecting Weaknesses in Content Security Policies☆164Updated last year
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆82Updated 4 years ago
- An example of obtaining RCE via Redis and CSRF☆76Updated 8 years ago
- User, contributor and developer friendly vulnerability database☆129Updated 6 years ago
- Example signature files for drek.☆11Updated 7 years ago
- Improved decoder for Burp Suite☆137Updated 3 years ago
- A project designed to parse public source code repositories and find various types of vulnerabilities.☆191Updated 7 years ago
- TLS Redirection☆120Updated 7 years ago
- AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.☆247Updated 3 years ago
- ☆122Updated 7 years ago
- The Unofficial Burp Extension for DNSDumpster.com☆70Updated 7 years ago
- Watchtower is a Static Code Analysis tool designed to assist security auditors who are tasked with performing manual code reviews. It is …☆112Updated 7 years ago
- Portable and flexible web application security assessment tool.It parses Burp Suite log and performs various tests depending on the modul…☆121Updated 6 years ago
- A DB of known Web Application Admin URLS, Username/Password Combos and Exploits☆153Updated 9 years ago
- Google Cloud Platform Security Tool☆234Updated 5 years ago
- Hayat is a script for report and analyze Google Cloud Platform resources.☆80Updated 5 years ago
- Fast subdomains enumeration tool for penetration testers☆117Updated 6 years ago
- A deliberately vulnerable modern day app with lots of DOM related bugs☆36Updated 5 years ago
- ☆89Updated last month
- Duncan - Blind SQL injector skeleton☆56Updated 3 years ago
- Store Burp data and collaborate via git☆53Updated 5 years ago
- Highlight Burp proxy requests made by different browsers☆30Updated 7 years ago
- Scan for and exploit Consul agents☆40Updated 5 years ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 3 years ago