wspr-ncsu / github-actions-security-analysis

Related projects: ⓘ

• abhisek / supply-chain-security-gateway
  Reference architecture and proof of concept implementation for supply chain security gateway
  ☆23Updated last year
• Frichetten / aws_api_shapeshifter
  A small library to alter AWS API requests; Used for fuzzing research
  ☆21Updated 10 months ago
• twistlock / lambda-persistency-poc
  PoC for gaining persistency on vulnerable Lambdas
  ☆30Updated 3 years ago
• ramimac / breach-list-database
  A meta-database collecting resources that compile lists of breaches
  ☆17Updated 5 months ago
• AdnaneKhan / ActionsCacheBlasting
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆19Updated last month
• nccgroup / insject
  insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.
  ☆49Updated 2 years ago
• BreakingMhet / honeyzure
  HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…
  ☆15Updated 3 months ago
• alt3kx / wafparan01d3
  Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool
  ☆25Updated 2 years ago
• SonarSource / argument-injection-vectors
  A curated list of argument injection vectors
  ☆37Updated 3 weeks ago
• carlospolop / bf-aws-perms-simulate
  ☆15Updated 7 months ago
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆38Updated 9 months ago
• christophetd / aws-sso-device-code-authentication
  ☆22Updated 3 years ago
• crypsisgroup / ebs-direct-sec-tools
  Fun tools around the EBS Direct API
  ☆17Updated 3 years ago
• ncc-erik-steringer / Aerides
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Updated 2 years ago
• AnubisSec / GroovyWaiter
  ☆17Updated 2 years ago
• cedowens / Helpful_aws-scripts
  python3 scripts to help with aws triage needs
  ☆15Updated 2 years ago
• nccgroup / cowcloud
  ☆58Updated last year
• BishopFox / awsservicemap
  Go module that returns supported regions for a service or supported services for a region
  ☆14Updated 3 months ago
• AdnaneKhan / ActionsTOCTOU
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆20Updated 2 months ago
• hupe1980 / awsrecon
  Tool for reconnaissance of AWS cloud environments
  ☆13Updated 11 months ago
• sebastian-mora / awsssome_phish
  AWS SSO serverless phishing API.
  ☆29Updated 3 years ago
• nccgroup / SFPolDevChk
  Salesforce Policy Deviation Checker
  ☆29Updated 3 years ago
• cloud-sniper / dagobah
  ☆15Updated this week
• praetorian-inc / konstellation
  Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.
  ☆19Updated last year
• akabe1 / akabe1-semgrep-rules
  My collection of Semgrep rules for vulnerability detection on source code (swift, java)
  ☆30Updated 6 months ago
• darryk10 / CVE-2021-25735
  Exploit CVE-2021-25735: Kubernetes Validating Admission Webhook Bypass
  ☆18Updated 3 years ago
• nianticlabs / modron
  Modron - Cloud security compliance
  ☆32Updated 10 months ago
• PortSwigger / attack-surface-detector
  The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
  ☆13Updated 2 years ago
• doyensec / oidc-ssrf
  An Evil OIDC Server
  ☆49Updated last year
• doyensec / cloudsec-tidbits
  Blogpost series showcasing interesting cloud - web app security bugs
  ☆44Updated last year