doyensec / regexploit
Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
☆791Updated 9 months ago
Related projects ⓘ
Alternatives and complementary repositories for regexploit
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆695Updated 2 months ago
- Finding potential software vulnerabilities from git commit messages☆395Updated last year
- ☆654Updated 2 years ago
- Semgrep rules registry☆804Updated this week
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.☆355Updated 3 years ago
- Collections of Orange Tsai's public presentation slides.☆712Updated 3 months ago
- Reverse proxies cheatsheet☆1,778Updated last year
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c)☆650Updated 2 years ago
- CORS Misconfiguration Scanner☆1,372Updated 2 years ago
- This repository contains all the XSS cheatsheet data to allow contributions from the community.☆403Updated this week
- 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.☆831Updated 3 weeks ago
- A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee…☆209Updated 6 months ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆803Updated 2 years ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,537Updated 4 months ago
- Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"☆197Updated last year
- Fast HTTP enumerator☆460Updated 3 months ago
- ☆528Updated 10 months ago
- A collection of browser-based side channel attack vectors.☆737Updated 7 months ago
- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…☆513Updated 4 months ago
- Client Side Prototype Pollution Scanner☆511Updated 2 years ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests☆335Updated 2 months ago
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon☆1,054Updated 9 months ago
- ☆684Updated last year
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆1,813Updated 10 months ago
- Prototype Pollution and useful Script Gadgets☆1,399Updated 9 months ago
- ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.☆674Updated last year
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.☆1,041Updated 9 months ago
- Coverage-based fuzzer for python applications☆233Updated 2 years ago
- 🦄🔒 Awesome list of secrets in environment variables 🖥️☆865Updated 2 years ago