righettod / poc-graphql
Research on GraphQL from an AppSec point of view.
☆405Updated last year
Related projects: ⓘ
- GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations☆361Updated last year
- DOM XSS scanner for Single Page Applications☆394Updated 2 months ago
- graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology…☆540Updated last week
- GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations☆273Updated 9 months ago
- A simple SSRF-testing sheriff written in Go☆310Updated 5 months ago
- secretz, minimizing the large attack surface of Travis CI☆321Updated 2 years ago
- A tool geared towards pentesting APIs using OpenAPI definitions.☆167Updated last year
- GraphQL security testing tool☆113Updated 2 years ago
- Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"☆194Updated last year
- Burp Suite Extension to monitor new scope☆195Updated 3 years ago
- Continuous monitoring for JavaScript files☆216Updated 4 years ago
- Security Testing Scripts for JWT☆305Updated 2 years ago
- Security Auditor Utility for GraphQL APIs☆346Updated last week
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆344Updated 3 years ago
- Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's yo…☆213Updated 4 years ago
- ☆222Updated 2 months ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆295Updated last year
- SSRF testing tool☆242Updated last year
- Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities☆135Updated last year
- Automatic tool for DNS rebinding-based SSRF attacks☆292Updated 4 years ago
- Predict Mongo ObjectIds☆125Updated 6 years ago
- ☆171Updated last year
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆252Updated last year
- Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in …☆191Updated 8 months ago
- DNS rebinding toolkit☆250Updated last year
- ☆270Updated 2 years ago
- bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.☆500Updated last year
- ☆207Updated this week
- GraphQL security workshop labs☆100Updated 2 months ago
- This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer…☆279Updated 2 months ago