dxa4481 / AttackingAndDefendingTheGCPMetadataAPILinks
This repo gives an overview of some GCP metadata API attack and defend patterns
☆78Updated 5 years ago
Alternatives and similar repositories for AttackingAndDefendingTheGCPMetadataAPI
Users that are interested in AttackingAndDefendingTheGCPMetadataAPI are comparing it to the libraries listed below
Sorting:
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆78Updated 3 years ago
- A tool for automatically gathering sensitive information from exposed Jenkins servers☆104Updated 3 years ago
- Burp Extension for AWS Signing☆90Updated last year
- Proof-of-concept CORS exploitation tool.☆35Updated 6 years ago
- Hayat is a script for report and analyze Google Cloud Platform resources.☆81Updated 6 years ago
- Pentester-focused Docker registry tool to enumerate and pull images☆112Updated 5 years ago
- Jekyll Files for cloudsecwiki.com☆49Updated 4 years ago
- OAuth Security Cheatsheet☆40Updated 11 years ago
- Repository for all the workshop content delivered at nullcon X on 1st of March 2019☆80Updated 6 years ago
- Burp with Friends☆103Updated 2 years ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆104Updated 6 years ago
- A tool to enumerate S3 buckets manually or via certstream☆82Updated 2 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆83Updated 5 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆14Updated 3 years ago
- JIRA Secure Attachment Looter☆71Updated 5 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆94Updated last year
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆110Updated 2 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆66Updated 2 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆61Updated 4 years ago
- Application and Service Fingerprinting☆133Updated 3 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆40Updated 4 years ago
- Salesforce Policy Deviation Checker☆30Updated 5 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆114Updated 6 years ago
- Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.☆76Updated 5 years ago
- A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.☆38Updated 7 years ago
- An AWS Lambda vulnerable application written in flask.☆49Updated 8 years ago
- Scripts that we use for pentesting☆42Updated 8 years ago
- Assorted tools for security-related task for git repositories☆58Updated 3 years ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆106Updated 7 years ago