righettod / poc-graphqlLinks
Research on GraphQL from an AppSec point of view.
☆415Updated 2 years ago
Alternatives and similar repositories for poc-graphql
Users that are interested in poc-graphql are comparing it to the libraries listed below
Sorting:
- GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations☆386Updated 2 years ago
- A simple SSRF-testing sheriff written in Go☆327Updated 7 months ago
- GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations☆312Updated last month
- secretz, minimizing the large attack surface of Travis CI☆326Updated 3 years ago
- Automatic tool for DNS rebinding-based SSRF attacks☆304Updated 4 years ago
- SSRF testing tool☆244Updated 2 years ago
- Burp Suite Extension to monitor new scope☆198Updated 4 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆301Updated 2 years ago
- GraphQL security testing tool☆122Updated 3 years ago
- Security Testing Scripts for JWT☆315Updated 2 years ago
- DOM XSS scanner for Single Page Applications☆411Updated 3 weeks ago
- Predict Mongo ObjectIds☆137Updated 7 years ago
- A tool geared towards pentesting APIs using OpenAPI definitions.☆177Updated 2 years ago
- graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology…☆647Updated 2 weeks ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆260Updated 3 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆353Updated 4 years ago
- A starter secure code review checklist☆182Updated 6 years ago
- vulnerable single sign on☆147Updated 10 months ago
- Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"☆206Updated 2 years ago
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆534Updated 6 years ago
- Security Auditor Utility for GraphQL APIs☆477Updated 4 months ago
- Fuzzing Payloads to Assist in Web Application Testing.☆166Updated 6 years ago
- Continuous monitoring for JavaScript files☆220Updated 5 years ago
- A Bind9 server for pentesters to use for Out-of-Band vulnerabilities☆191Updated 5 years ago
- Client Side Prototype Pollution Scanner☆518Updated 2 years ago
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.☆316Updated last year
- Tool for catching and logging different types of requests.☆220Updated 4 years ago
- Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)☆454Updated 6 years ago
- Automatically exported from code.google.com/p/domxsswiki☆537Updated 7 years ago
- This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer…☆287Updated 5 months ago