chrisallenlane / drek
A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
☆140Updated 4 months ago
Related projects ⓘ
Alternatives and complementary repositories for drek
- Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website☆136Updated 4 years ago
- Testing/collecting some container breakouts☆93Updated 5 years ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆102Updated 5 years ago
- burpbuddy exposes Burp Suites's extender API over the network through various mediums, with the goal of enabling development in any langu…☆156Updated 5 years ago
- Code Review Audit Script Scanner☆140Updated last year
- An example of obtaining RCE via Redis and CSRF☆77Updated 8 years ago
- A Burp Plugin for Detecting Weaknesses in Content Security Policies☆163Updated last year
- AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.☆241Updated 2 years ago
- Automatically exported from code.google.com/p/mustache-security☆23Updated 9 years ago
- User, contributor and developer friendly vulnerability database☆129Updated 5 years ago
- A project designed to parse public source code repositories and find various types of vulnerabilities.☆190Updated 7 years ago
- A deliberately vulnerable modern day app with lots of DOM related bugs☆36Updated 5 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆110Updated 5 years ago
- Fast subdomains enumeration tool for penetration testers☆117Updated 5 years ago
- Security Payload Unit Test Repository (SPUTR)☆86Updated last year
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆61Updated last year
- Resources for developers and security engineers to learn the ropes of application security☆99Updated 6 years ago
- Use burp's JS static code analysis on code from your local system.☆42Updated 7 years ago
- Highlight Burp proxy requests made by different browsers☆30Updated 7 years ago
- A HackerOne API client for Python☆19Updated 7 years ago
- Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid…☆82Updated 7 years ago
- Web Application Security☆124Updated 5 months ago
- Hayat is a script for report and analyze Google Cloud Platform resources.☆79Updated 4 years ago
- A More or less Random Collection of Scripts for security Testing.☆64Updated 2 years ago