nccgroup / cq
☆115 Updated last year
Related projects
Alternatives and complementary repositories for cq
- CoWitness is a powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to … ☆118 Updated 7 months ago
- A GraphQL enumeration and extraction tool ☆128 Updated last year
- boostsecurityio/lotp ☆101 Updated 7 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆131 Updated last year
- A curated list of argument injection vectors ☆37 Updated 2 months ago
- ☆110 Updated last year
- Manager of third-party sources of Semgrep rules 🗂 ☆76 Updated 4 months ago
- ☆40 Updated last month
- ☆91 Updated 2 years ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite ☆30 Updated last year
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆98 Updated 9 months ago
- WhereToGo - is a list of popular services that might be used in organizations. By having an account of the user - you can try to find ent… ☆117 Updated 2 years ago
- HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. ☆58 Updated 4 months ago
- Burp Extension to add additional functionality for pentesting websocket based applications ☆83 Updated 5 months ago
- Enumerate AWS permissions and resources. ☆64 Updated 2 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF ☆58 Updated last year
- Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock … ☆174 Updated last month
- An extension to use Semgrep inside Burp Suite. ☆88 Updated last year
- A python module to explore the object tree to extract paths to interesting objects in memory. ☆79 Updated 8 months ago
- External Playbooks for Public Access ☆31 Updated 8 months ago
- This repository offers insights and a proof-of-concept tool to exploit two significant deserialization vulnerabilities in Inductive Autom… ☆45 Updated 10 months ago
- Blogpost series showcasing interesting cloud - web app security bugs ☆46 Updated last year
- Some of my rough notes for Docker threat detection ☆46 Updated last year
- Find authentication (authn) and authorization (authz) security bugs in web application routes. ☆252 Updated 4 months ago
- ☆71 Updated 4 months ago
- Command line fuzzer and bruteforcer 🌪 wfuzz for command ☆86 Updated 2 years ago
- ☆158 Updated 3 years ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆110 Updated last year
- ☆175 Updated 2 weeks ago
- ☆31 Updated last year