dxa4481 / AttackingAndDefendingTheGCPMetadataAPILinks
This repo gives an overview of some GCP metadata API attack and defend patterns
☆77Updated 5 years ago
Alternatives and similar repositories for AttackingAndDefendingTheGCPMetadataAPI
Users that are interested in AttackingAndDefendingTheGCPMetadataAPI are comparing it to the libraries listed below
Sorting:
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆78Updated 3 years ago
- A tool for automatically gathering sensitive information from exposed Jenkins servers☆104Updated 3 years ago
- Burp Extension for AWS Signing☆90Updated 10 months ago
- Hayat is a script for report and analyze Google Cloud Platform resources.☆81Updated 5 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆65Updated 2 years ago
- Application and Service Fingerprinting☆133Updated 3 years ago
- Proof-of-concept CORS exploitation tool.☆35Updated 6 years ago
- OAuth Security Cheatsheet☆40Updated 11 years ago
- Repository for all the workshop content delivered at nullcon X on 1st of March 2019☆81Updated 6 years ago
- A tool to enumerate S3 buckets manually or via certstream☆82Updated 2 years ago
- Pentester-focused Docker registry tool to enumerate and pull images☆112Updated 5 years ago
- JIRA Secure Attachment Looter☆70Updated 5 years ago
- Burp with Friends☆103Updated 2 years ago
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆104Updated 6 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆83Updated 5 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆93Updated last year
- An AWS Lambda vulnerable application written in flask.☆49Updated 8 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆114Updated 6 years ago
- Scripts that we use for pentesting☆42Updated 8 years ago
- S3 bucket enumerator☆44Updated 8 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆14Updated 3 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆108Updated last year
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- Notes as I learn basic AWS penetration testing☆67Updated 6 years ago
- Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.☆77Updated 4 years ago
- Assorted tools for security-related task for git repositories☆58Updated 3 years ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆106Updated 7 years ago
- A tool to evaluate Content Security Policies.☆71Updated 5 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆40Updated 4 years ago
- This is a set of tips and reminders for pentesting processes and scripts/programs. Initially for personal use, but if anyone else finds t…☆52Updated 5 years ago