pentagridsec / archive_pwn
A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes
☆41Updated 11 months ago
Related projects: ⓘ
- Simple PoC for demonstrating Race Conditions on Websockets☆49Updated last year
- dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-facto…☆34Updated 4 months ago
- Use the GCP testIamPermissions functionality to bruteforce and discover your permissions☆15Updated 2 weeks ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆19Updated last month
- FireProx written in Go☆17Updated 5 months ago
- cvet is a Python utility for pulling actionable vulnerabilities from cvetrends.com☆37Updated 2 years ago
- An Evil OIDC Server☆49Updated last year
- ☆18Updated 6 months ago
- ☆28Updated last year
- Check robustness of your (their) Active Directory accounts passwords☆32Updated 6 months ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆20Updated 2 months ago
- A collection of utilities for building extensions using Burp's Montoya API☆46Updated 2 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated last year
- A collection of my Semgrep rules☆46Updated last year
- Tool for analyzing SAP Secure Network Communications (SNC).☆49Updated 5 months ago
- ☆20Updated this week
- ysoserial.net docker image☆27Updated 7 months ago
- Enumerate AWS permissions and resources.☆62Updated 2 years ago
- A National Vulnerability Database (NVD) API query tool☆17Updated last year
- ☆17Updated last year
- Dependency Confusion Security Testing Tool☆39Updated 2 years ago
- A tool to parse, deduplicate, and query multiple port scans.☆57Updated last year
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.☆30Updated last year
- Automated privilege escalation of the world's most popular Docker images.☆62Updated 11 months ago
- A simple Toolkit to BF and decrypt Windows EntraId CacheData☆12Updated 2 months ago
- spk aka spritzgebaeck: A small OSINT/Recon tool to find CIDRs that belong to a specific organization.☆79Updated 4 months ago
- ElasticSearch exploit and Pentesting guide for penetration tester☆22Updated last year
- ☆31Updated last year
- My collection of Semgrep rules for vulnerability detection on source code (swift, java)☆30Updated 6 months ago
- ☆10Updated 2 years ago