chrisallenlane / drekLinks
A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
☆141Updated last year
Alternatives and similar repositories for drek
Users that are interested in drek are comparing it to the libraries listed below
Sorting:
- Code Review Audit Script Scanner☆141Updated 4 months ago
- Testing/collecting some container breakouts☆94Updated 6 years ago
- burpbuddy exposes Burp Suites's extender API over the network through various mediums, with the goal of enabling development in any langu…☆157Updated 6 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆83Updated 5 years ago
- Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website☆138Updated 5 years ago
- An example of obtaining RCE via Redis and CSRF☆76Updated 9 years ago
- A More or less Random Collection of Scripts for security Testing.☆65Updated 3 years ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆102Updated 6 years ago
- TLS Redirection☆120Updated 7 years ago
- A DB of known Web Application Admin URLS, Username/Password Combos and Exploits☆155Updated 10 years ago
- An extension for BurpSuite that highlights SSO messages in Burp's proxy window..☆118Updated 4 years ago
- User, contributor and developer friendly vulnerability database☆128Updated 6 years ago
- A Burp Plugin for Detecting Weaknesses in Content Security Policies☆168Updated 2 years ago
- Security Payload Unit Test Repository (SPUTR)☆86Updated 2 years ago
- Use burp's JS static code analysis on code from your local system.☆42Updated 8 years ago
- A tool for automatically gathering sensitive information from exposed Jenkins servers☆104Updated 2 years ago
- A project designed to parse public source code repositories and find various types of vulnerabilities.☆192Updated 7 years ago
- AutoTriageBot automatically verifies, deduplicates, and suggests payouts for incoming HackerOne reports.☆56Updated 3 years ago
- Archaeologit scans the history of a user's GitHub repositories for a given pattern to find sensitive things.☆143Updated 7 years ago
- The Web Audit Search Engine - Index and Search HTTP Requests and Responses in Web Application Audits with ElasticSearch☆114Updated 4 years ago
- Extreme Vulnerable Node Application☆95Updated 6 years ago
- ☆122Updated 7 years ago
- Jaqen - Simple DNS rebinding☆75Updated 7 years ago
- A deliberately vulnerable modern day app with lots of DOM related bugs☆35Updated 6 years ago
- A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform☆165Updated 11 months ago
- Scan for and exploit Consul agents☆40Updated 6 years ago
- Highlight Burp proxy requests made by different browsers☆29Updated 7 years ago
- The knife of the Admin & Security auditor☆42Updated 5 years ago
- ☆33Updated 10 years ago
- GitPwnd is a network penetration tool that lets you use a git repo for command and control of compromised machines☆145Updated 2 years ago