righettod / poc-graphql

Related projects: ⓘ

• assetnote / batchql
  GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
  ☆361Updated last year
• fcavallarin / domdig
  DOM XSS scanner for Single Page Applications
  ☆394Updated 2 months ago
• dolevf / graphw00f
  graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology…
  ☆540Updated last week
• nicholasaleks / graphql-threat-matrix
  GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
  ☆273Updated 9 months ago
• teknogeek / ssrf-sheriff
  A simple SSRF-testing sheriff written in Go
  ☆310Updated 5 months ago
• lc / secretz
  secretz, minimizing the large attack surface of Travis CI
  ☆321Updated 2 years ago
• RhinoSecurityLabs / Swagger-EZ
  A tool geared towards pentesting APIs using OpenAPI definitions.
  ☆167Updated last year
• szski / shapeshifter
  GraphQL security testing tool
  ☆113Updated 2 years ago
• BishopFox / json-interop-vuln-labs
  Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"
  ☆194Updated last year
• Regala / burp-scope-monitor
  Burp Suite Extension to monitor new scope
  ☆195Updated 3 years ago
• cablej / FileChangeMonitor
  Continuous monitoring for JavaScript files
  ☆216Updated 4 years ago
• mazen160 / jwt-pwn
  Security Testing Scripts for JWT
  ☆305Updated 2 years ago
• dolevf / graphql-cop
  Security Auditor Utility for GraphQL APIs
  ☆346Updated last week
• doyensec / burpdeveltraining
  Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
  ☆344Updated 3 years ago
• prodigysml / Dr.-Watson
  Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's yo…
  ☆213Updated 4 years ago
• NotSoSecure / cloud-service-enum
  ☆222Updated 2 months ago
• ameenmaali / qsfuzz
  qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
  ☆295Updated last year
• daeken / SSRFTest
  SSRF testing tool
  ☆242Updated last year
• we45 / DVFaaS-Damn-Vulnerable-Functions-as-a-Service
  Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
  ☆135Updated last year
• daeken / httprebind
  Automatic tool for DNS rebinding-based SSRF attacks
  ☆292Updated 4 years ago
• andresriancho / mongo-objectid-predict
  Predict Mongo ObjectIds
  ☆125Updated 6 years ago
• jobertabma / transformations
  ☆171Updated last year
• Static-Flow / BurpSuite-Team-Extension
  This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …
  ☆252Updated last year
• aress31 / openapi-parser
  Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in …
  ☆191Updated 8 months ago
• makuga01 / dnsFookup
  DNS rebinding toolkit
  ☆250Updated last year
• tomdev / teh_s3_bucketeers
  ☆270Updated 2 years ago
• LewisArdern / bXSS
  bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
  ☆500Updated last year
• projectdiscovery / pd-actions
  ☆207Updated this week
• david3107 / graphql-security-labs
  GraphQL security workshop labs
  ☆100Updated 2 months ago
• devoteam-cybertrust / burpcollaborator-docker
  This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer…
  ☆279Updated 2 months ago