dxa4481 / AttackingAndDefendingTheGCPMetadataAPILinks
This repo gives an overview of some GCP metadata API attack and defend patterns
☆76Updated 5 years ago
Alternatives and similar repositories for AttackingAndDefendingTheGCPMetadataAPI
Users that are interested in AttackingAndDefendingTheGCPMetadataAPI are comparing it to the libraries listed below
Sorting:
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆77Updated 3 years ago
- Burp Extension for AWS Signing☆89Updated 6 months ago
- A tool for automatically gathering sensitive information from exposed Jenkins servers☆104Updated 2 years ago
- Proof-of-concept CORS exploitation tool.☆35Updated 5 years ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆102Updated 6 years ago
- Burp with Friends☆103Updated 2 years ago
- OAuth Security Cheatsheet☆40Updated 11 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆83Updated 5 years ago
- Application and Service Fingerprinting☆133Updated 2 years ago
- Scripts that we use for pentesting☆42Updated 8 years ago
- A tool to enumerate S3 buckets manually or via certstream☆82Updated 2 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆61Updated 4 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆114Updated 6 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆103Updated last year
- Pentester-focused Docker registry tool to enumerate and pull images☆111Updated 5 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆93Updated last year
- JIRA Secure Attachment Looter☆70Updated 5 years ago
- Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.☆78Updated 4 years ago
- vulnerable single sign on☆148Updated last year
- S3 bucket enumerator☆44Updated 7 years ago
- Repository for all the workshop content delivered at nullcon X on 1st of March 2019☆81Updated 6 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- An AWS Lambda vulnerable application written in flask.☆49Updated 7 years ago
- Notes as I learn basic AWS penetration testing☆67Updated 6 years ago
- Testing/collecting some container breakouts☆94Updated 6 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆14Updated 3 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆63Updated 2 years ago
- Hayat is a script for report and analyze Google Cloud Platform resources.☆81Updated 5 years ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆106Updated 6 years ago
- A repository for GraphQL Extension for Burp Suite☆57Updated 6 years ago