This repo gives an overview of some GCP metadata API attack and defend patterns
☆78 · Mar 23, 2020 · Updated 5 years ago
Alternatives and similar repositories for AttackingAndDefendingTheGCPMetadataAPI
Users that are interested in AttackingAndDefendingTheGCPMetadataAPI are comparing it to the libraries listed below
- ☆28 · Aug 6, 2020 · Updated 5 years ago
- These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok ☆172 · Feb 6, 2025 · Updated last year
- Automated GKE Kubelet Impersonation and Cluster Secret Stealer via kube-env ☆102 · Sep 10, 2019 · Updated 6 years ago
- ☆27 · Feb 19, 2026 · Updated last week
- POC for CVE-2018-15685 ☆42 · Aug 24, 2018 · Updated 7 years ago
- XXE injection (file disclosure) exploit for Apache OFBiz < 16.11.04 ☆13 · Oct 16, 2018 · Updated 7 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous. ☆12 · Sep 30, 2018 · Updated 7 years ago
- ☆21 · Nov 13, 2019 · Updated 6 years ago
- Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp. ☆49 · Jul 20, 2022 · Updated 3 years ago
- ☆25 · Jul 5, 2018 · Updated 7 years ago
- A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations. ☆38 · Aug 13, 2018 · Updated 7 years ago
- Burp Suite Professional extension in Java for Tabnabbing attack ☆13 · May 8, 2018 · Updated 7 years ago
- An auto-scoring capture-the-flag game focusing on TOCTOU vulnerabilities ☆21 · Oct 28, 2020 · Updated 5 years ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. ☆554 · May 26, 2023 · Updated 2 years ago
- Cracker for Apache.lang.commons RandomStringUtils(). Code for "The Java Soothsayer" talk at EkoParty 2017 by Alejo Popovici. ☆33 · Mar 13, 2018 · Updated 7 years ago
- DupeKeyInjector ☆134 · Apr 16, 2022 · Updated 3 years ago
- ☆16 · Feb 26, 2018 · Updated 8 years ago
- Tool for CVE-2018-16323 ☆82 · Jan 17, 2019 · Updated 7 years ago
- Generate pentest reports based on github issues. ☆16 · Dec 8, 2022 · Updated 3 years ago
- Hayat is a script to report on and analyze Google Cloud Platform resources. ☆80 · Jan 7, 2020 · Updated 6 years ago
- Retrieve metadata endpoint data with these one-liners. ☆41 · Aug 11, 2020 · Updated 5 years ago
- ☆21 · Dec 1, 2019 · Updated 6 years ago
- Small POC in powershell exploiting hardlinks during the VM deletion process ☆53 · Jan 18, 2020 · Updated 6 years ago
- Scripts that we use for pentesting ☆42 · Feb 24, 2017 · Updated 9 years ago
- vulnerable single sign on ☆150 · Aug 1, 2024 · Updated last year
- Exploit PoC for CVEs and non-CVEs alike ☆22 · Jul 24, 2020 · Updated 5 years ago
- The Outlook HTML Leak Test Project ☆131 · May 12, 2018 · Updated 7 years ago
- This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd Level… ☆62 · Jan 24, 2019 · Updated 7 years ago
- Burp extension to specify the token value for the Authentication header while scanning. ☆10 · Sep 18, 2018 · Updated 7 years ago
- SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing ☆91 · May 10, 2020 · Updated 5 years ago
- This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode ☆27 · Jun 25, 2024 · Updated last year
- RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler ☆20 · Dec 24, 2013 · Updated 12 years ago
- A ping detection tool for linux ☆24 · Apr 20, 2020 · Updated 5 years ago
- Miscellaneous C-Sharp projects for red team activities ☆24 · Aug 12, 2022 · Updated 3 years ago
- CTF Writeups ☆26 · Oct 6, 2019 · Updated 6 years ago
- Dynamic DNS Update Bruteforce Tool ☆29 · Feb 8, 2017 · Updated 9 years ago
- Webshell plugin that works on any Atlassian product employing their plugin framework ☆27 · Nov 20, 2017 · Updated 8 years ago
- apkfram was written in order to help any mobile penetration testers to identify the Framework used to develop the Android application. ☆12 · Oct 9, 2024 · Updated last year
- A CLI tool for querying passive DNS services ☆42 · Dec 15, 2023 · Updated 2 years ago