• This repository has been archived on 06/Dec/2020
  • Stars: 9
  • Rank 1,939,727 (Top 39 %)
  • Language: Java
  • Created over 8 years ago
  • Updated about 4 years ago

Repository Details

Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).

More Repositories

1

poc-graphql

Research on GraphQL from an AppSec point of view.
Java
404
star
2

toolbox-pentest-web

Docker toolbox for pentest of web based application.
Python
121
star
3

burp-piper-custom-scripts

Custom scripts for the PIPER Burp extensions.
Python
97
star
4

virtualhost-payload-generator

BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.
Java
61
star
5

log-requests-to-sqlite

BURP extension to record every HTTP request sent via BURP and create an audit trail log of an assessment.
Java
60
star
6

pst-digger

Program to analyze mails stored into a Microsoft Outlook PST file and find one based on search keywords.
Java
55
star
7

document-upload-protection

POC in order to protect a document upload application feature against "malicious" document submission.
Java
40
star
8

log4shell-analysis

Contains all my research and content produced regarding the log4shell vulnerability
Java
32
star
9

website-passive-reconnaissance

Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.
Python
31
star
10

poc-csrf

POC in order to materialize CSRF prevention concepts described in the following OWASP CSRF cheatsheet
Java
30
star
11

poc-jwt

POC about usage of JSON Web Tokens (JWT) in a secure way.
Java
26
star
12

access-brute-forcer

Android v7+ application to perform a dictionary brute force attack against a host.
Java
17
star
13

tls-cert-discovery

Script to identify new hosts using the subjectAltName (Subject Alternative Name) extension of an X.509 HTTP TLS certificate.
Python
10
star
14

poc-authz-testing

POC in order to explore and describe a proposition for the automation of the testing of the authorization matrix.
Java
8
star
15

powershell-android-utils

PowerShell module providing utility commands to manipulate an APK file on Windows
PowerShell
7
star
16

poc-idor

POC in order to materialize IDOR prevention concepts described in the following OWASP cheatsheet
Java
7
star
17

toolbox-jwt

Docker toolbox with different scripts for performing different kinds of attacks against JWT tokens.
Shell
5
star
18

poc-websocket

POC in order to materialize prevention concepts described in the following OWASP WebSocket cheatsheet
Java
4
star
19

robots-disallowed-dict-builder

Script generating a dictionary containing the most common DISALLOW clauses from robots.txt files found on CISCO Top 1 million sites
Python
4
star
20

clipboard-stalker

Android v6+ application to monitor (stalk) the clipboard and grab the content.
Java
3
star
21

ws-probing-shell

Interactive shell in order to probe/analyze a WebSocket endpoint.
Python
3
star
22

log4shell-payload-grabber

Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.
Java
3
star
23

external-storage-stalker

Android v6+ application to monitor (stalk) all the external storage locations referenced into the system and list the files that can be accessed in read mode.
Java
2
star
24

poc-argon2

POC in order to materialize prevention concepts described in the following OWASP cheatsheet
Java
2
star
25

poc-argon2-php

POC in order to materialize prevention concepts described in the following OWASP cheatsheet
PHP
2
star
26

poc-error-handling

POC in order to find the right setup to define a global error handler in different web-based technologies
JavaScript
1
star
27

sandbox

Provide network listeners during online training web challenges/labs.
Shell
1
star
28

voxxeddays-lux-2018

Demo project of my talk
Java
1
star
29

pkcheck

Program brute forcing the passphrase of a private key
Go
1
star
30

voxxeddays-lux-2022

Demonstration videos and presentation regarding the talk given at the VOXXED LU 2022 conference.
PHP
1
star