lunasec-io / damn-vulnerable-js-sca
An intentionally vulnerable JavaScript app containing notable vulnerabilities in its dependencies.
★16 Updated last year
Related projects:
- A dependency-aware GraphQL API fuzzing tool ★120 Updated this week
- Manager of third-party sources of Semgrep rules ★74 Updated last month
- An Open Letter to the OWASP Board ★105 Updated last year
- My collection of Semgrep rules for vulnerability detection on source code (swift, java) ★30 Updated 6 months ago
- a web fuzzer using the httpipe format ★99 Updated 5 months ago
- An AWS metadata enumeration tool by Plerion ★72 Updated 7 months ago
- ★61 Updated this week
- prel(iminary) is an application that temporarily assigns Google Cloud IAM Roles and includes an approval process. ★30 Updated this week
- ★30 Updated 3 years ago
- Atom is a novel intermediate representation for applications and a standalone tool that is powered by chen. ★46 Updated 2 weeks ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ★38 Updated 9 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ★19 Updated last month
- a hackbot proof-of-concept ★33 Updated 6 months ago
- A project to visualize the software supply chain ★33 Updated last year
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities) ★20 Updated 2 months ago
- Nuclei plugins to audit Chrome extensions ★64 Updated 2 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ★37 Updated 11 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★95 Updated 7 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows ★76 Updated this week
- ★43 Updated this week
- Sample code for finding AWS Account ID of an S3 bucket. ★46 Updated 6 months ago
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories. ★35 Updated 3 months ago
- Language-agnostic workflow builder. Modular code that goes from dev to prod in a minute with principled design decisions. ★12 Updated 6 months ago
- ★108 Updated last year
- Function callpath mapping analysis tool for Go ★27 Updated last week
- Modular web-application honeypot platform built using go and gin ★52 Updated 4 months ago
- An implementation of infrastructure-as-code scanning using dynamic tooling. ★56 Updated 2 years ago
- Pākiki is an intercepting proxy designed to help penetration testers find security vulnerabilities in web or mobile applications. This re…