semgrep / semgrep-docs
Documentation of Semgrep: a fast, open-source, static analysis tool.
☆37 Updated this week
Related projects:
- A collection of my Semgrep rules ☆46 Updated last year
- Maturity Model Collaborative project ☆13 Updated last year
- Dependency Combobulator ☆85 Updated 8 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆19 Updated last month
- My custom semgrep rules ☆18 Updated 4 years ago
- An nmap script to produce target lists for use with various tools. ☆33 Updated 3 years ago
- multiple password 'asher using Python’s hashlib ☆15 Updated 3 years ago
- Paper, data and code from Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding In… ☆18 Updated 3 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities) ☆20 Updated 2 months ago
- ☆58 Updated last year
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters ☆13 Updated 2 years ago
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests. ☆30 Updated last year
- Manager of third-party sources of Semgrep rules 🗂 ☆74 Updated last month
- ☆30 Updated this week
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files. ☆74 Updated 2 years ago
- Salesforce Policy Deviation Checker ☆29 Updated 3 years ago
- Jekyll Files for cloudsecwiki.com ☆49 Updated 3 years ago
- A Burp plugin to export findings to DefectDojo ☆29 Updated 10 months ago
- ZAP Management Scripts ☆20 Updated last week
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces. ☆49 Updated 2 years ago
- PoC for gaining persistency on vulnerable Lambdas ☆30 Updated 3 years ago
- GCP GOAT is the vulnerable application for learning GCP Security ☆61 Updated 11 months ago
- A tool to run nmap against each line in a script. ☆16 Updated 3 years ago
- ☆19 Updated 3 years ago
- My collection of Semgrep rules for vulnerability detection on source code (swift, java) ☆30 Updated 6 months ago
- AWS Security Checks ☆36 Updated 6 years ago
- Anti-Takeover is a subdomain monitoring tool for (blue/purple) team / internal security team which uses Cloudflare. Currently Anti-Take… ☆12 Updated 4 years ago
- WAF bypass PoC ☆43 Updated 11 months ago
- ☆22 Updated 2 years ago
- GitHub action to run Threagile, the agile threat modeling toolkit, on a repo's threagile.yaml file ☆13 Updated 4 months ago