dxa4481 / AttackingAndDefendingTheGCPMetadataAPILinks
This repo gives an overview of some GCP metadata API attack and defend patterns
☆76Updated 5 years ago
Alternatives and similar repositories for AttackingAndDefendingTheGCPMetadataAPI
Users that are interested in AttackingAndDefendingTheGCPMetadataAPI are comparing it to the libraries listed below
Sorting:
- ReconJSON is a project dedicated to creating a flexible and consistent JSON format across popular recon tools.☆102Updated 6 years ago
- Proof-of-concept CORS exploitation tool.☆35Updated 5 years ago
- Curated list of public penetration testing reports released by several consulting firms☆48Updated 7 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆114Updated 6 years ago
- Application and Service Fingerprinting☆133Updated 2 years ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 3 years ago
- A tool to enumerate S3 buckets manually or via certstream☆82Updated 2 years ago
- A repository for GraphQL Extension for Burp Suite☆57Updated 6 years ago
- Ruby command-line interface to Burp Suite's REST API☆59Updated 5 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆83Updated 5 years ago
- Burp Suite Importer - Connect to multiple web servers while populating the sitemap.☆48Updated 5 years ago
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).☆122Updated 2 years ago
- All-in-one AWS S3 bucket tool for pentesters.☆74Updated 6 years ago
- Notes as I learn basic AWS penetration testing☆67Updated 6 years ago
- This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd Level …☆60Updated 6 years ago
- This is a web application fuzzer scanner - the goal was CLI flexibility and rapid prototyping☆48Updated 5 years ago
- This is a set of tips and reminders for pentesting processes and scripts/programs. Initially for personal use, but if anyone else finds t…☆52Updated 5 years ago
- ☆52Updated last year
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆103Updated last year
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆106Updated 6 years ago
- OAuth Security Cheatsheet☆40Updated 11 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆63Updated 2 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆61Updated 4 years ago
- Burp with Friends☆103Updated 2 years ago
- A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!☆33Updated 6 years ago
- Burp Extension for AWS Signing☆89Updated 5 months ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆92Updated last year
- Simple wrapper for meg that sieves through meg's output for you.☆60Updated 5 years ago
- DupeKeyInjector☆135Updated 3 years ago