dxa4481 / AttackingAndDefendingTheGCPMetadataAPI
This repo gives an overview of some GCP metadata API attack and defend patterns
☆76Updated 4 years ago
Alternatives and similar repositories for AttackingAndDefendingTheGCPMetadataAPI:
Users that are interested in AttackingAndDefendingTheGCPMetadataAPI are comparing it to the libraries listed below
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 3 years ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆103Updated 6 years ago
- Pentester-focused Docker registry tool to enumerate and pull images☆105Updated 5 years ago
- Proof-of-concept CORS exploitation tool.☆35Updated 5 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆111Updated 5 years ago
- A tool for automatically gathering sensitive information from exposed Jenkins servers☆103Updated 2 years ago
- This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd Level…☆60Updated 6 years ago
- Repository for all the workshop content delivered at nullcon X on 1st of March 2019☆81Updated 5 years ago
- All-in-one AWS S3 bucket tool for pentesters.☆72Updated 6 years ago
- This is a set of tips and reminders for pentesting processes and scripts/programs. Initially for personal use, but if anyone else finds t…☆52Updated 5 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆82Updated 4 years ago
- Notes as I learn basic AWS penetration testing☆68Updated 5 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 4 years ago
- Burp with Friends☆102Updated 2 years ago
- Use burp's JS static code analysis on code from your local system.☆42Updated 8 years ago
- Testing/collecting some container breakouts☆93Updated 5 years ago
- A tool to enumerate S3 buckets manually or via certstream☆82Updated last year
- S3 bucket enumerator☆44Updated 7 years ago
- A CLI tool to interact with hackerone.com. This was my submission for HackerOne's Summer 2018 Hack Day.☆38Updated 6 years ago
- Highlight Burp proxy requests made by different browsers☆30Updated 7 years ago
- Ruby command-line interface to Burp Suite's REST API☆59Updated 4 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆91Updated last year
- A horizontal and vertical web content enumerator☆51Updated 6 years ago
- Scans packages in npm and pypi for secrets☆30Updated 5 years ago
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).☆123Updated last year
- A repository for GraphQL Extension for Burp Suite☆57Updated 6 years ago
- Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulne…☆31Updated 2 years ago
- Burp as a Docker Container☆59Updated 4 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆60Updated 3 years ago
- Fetch known urls from AlienVault's Open Threat Exchange for given hosts☆61Updated 5 years ago