jaxley / python-fortify

Related projects: ⓘ

• irsl / jackson-rce-via-spel
  An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
  ☆121Updated 6 years ago
• NetsOSS / headless-burp
  Automate security tests using Burp Suite.
  ☆222Updated 3 months ago
• Contrast-Security-OSS / joogle
  A static analysis API for finding deserialization attack gadgets
  ☆37Updated last year
• cxai / Checkmarx-PowerTools
  A collection of various scripts and automations to simplify Checkmarx SAST and IAST setup and use
  ☆14Updated 6 years ago
• ramshazar / orangetsai-springboot-actuator-poc
  ☆27Updated 3 years ago
• summitt / burp-ysoserial
  YSOSERIAL Integration with burp suite
  ☆160Updated last year
• javaExploit / jackson-rce-via-two-new-gadgets
  ☆23Updated this week
• mbechler / serjs
  A Java serializer in JavaScript
  ☆82Updated 6 years ago
• mbechler / serianalyzer
  A static byte code analyzer for Java deserialization gadget research
  ☆242Updated 7 years ago
• advanced-security / custom-codeql-bundle
  An example repository that demonstrates how the build custom CodeQL bundles that include query customizations through the `Customizations…
  ☆25Updated 2 years ago
• JavanXD / Demo-Exploit-Jackson-RCE
  Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.
  ☆17Updated 5 years ago
• pwntester / SpringBreaker
  Exploit PoC for Spring RCE issue (CVE-2011-2894)
  ☆41Updated 9 months ago
• wuntee / BurpAuthzPlugin
  ☆75Updated 11 years ago
• ryohare / fortify-structural-rules-guide
  A technique for developing Fortify structural rules and characterization rules.
  ☆13Updated 4 years ago
• CaledoniaProject / CVE-2018-1270
  Spring messaging STOMP protocol RCE
  ☆114Updated 6 years ago
• Bypass007 / vuln
  Record some Vulnerabilities
  ☆44Updated last year
• siberas / sjet
  siberas JMX exploitation toolkit
  ☆127Updated last year
• dozernz / cve-2020-11651
  ☆103Updated 4 years ago
• appsecco / json-flash-csrf-poc
  This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.
  ☆75Updated 6 years ago
• veracode-research / actuator-testbed
  A vulnerable application exposing Spring Boot Actuators
  ☆123Updated 5 years ago
• zerothoughts / spring-jndi
  Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4
  ☆116Updated 5 years ago
• mogwaisec / mjet
  Mogwai Java Management Extensions (JMX) Exploitation Toolkit
  ☆172Updated 8 years ago
• GitHubSecurityLab / gh-qldb
  CodeQL database manager
  ☆44Updated 7 months ago
• pinnace / burp-jwt-fuzzhelper-extension
  JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing.
  ☆98Updated 5 years ago
• jjf012 / PassiveScanner
  a passive scanner based on Mitmproxy and Arachni
  ☆112Updated 7 years ago
• ssexxe / XXEBugFind
  A tool for detecting XML External Entity (XXE) vulnerabilities in Java applications
  ☆72Updated 10 years ago
• Morningstar / GoASQ
  General Open Architecture Security Questionnaire
  ☆30Updated last year
• LeadroyaL / java-xxe-defense-demo
  java xxe defense demo
  ☆46Updated 5 years ago
• Bort-Millipede / WLT3Serial
  Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.
  ☆35Updated 4 years ago
• cldrn / codeql-queries
  My CodeQL queries collection
  ☆93Updated last year