There are no reviews yet. Be the first to send feedback to the community and the maintainers!
poc-graphql
Research on GraphQL from an AppSec point of view.toolbox-pentest-web
Docker toolbox for pentest of web based application.burp-piper-custom-scripts
Custom scripts for the PIPER Burp extensions.virtualhost-payload-generator
BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.log-requests-to-sqlite
BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.pst-digger
Program to analyze mails stored into a Microsoft Outlook PST file and find one based on search keywords.document-upload-protection
POC in order to protect an document upload application feature against "malicious" document submission.website-passive-reconnaissance
Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.poc-csrf
POC in order to materialize CSRF prevention concepts described in the following OWASP CSRF cheatsheetpoc-jwt
POC about usage of JSON Web Tokens (JWT) in a secure way.access-brute-forcer
Android v7+ application to perform a dictionary brute force attack against a host.tls-cert-discovery
Script to identify new host using the subjectAltName (Subject Alternate Name) extension of a x509 HTTP TLS certificate.injection-cheat-sheets
Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).poc-authz-testing
POC in order to explore and describe a proposition for the automation of the testing of the authorization matrix.powershell-android-utils
PowerShell module providing utility commands to manipulate a APK file on Windowspoc-idor
POC in order to materialize IDOR prevention concepts described in the following OWASP cheatsheettoolbox-jwt
Docker toolbox with different scripts having for the objective to perform different kinds of attacks against JWT tokens.poc-websocket
POC in order to materialize prevention concepts described in the following OWASP WebSocket cheatsheetrobots-disallowed-dict-builder
Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sitesclipboard-stalker
Android v6+ application to monitor (stalk) the clipboard and grab the content.ws-probing-shell
Interactive shell in order to probe/analyze a WebSocket endpoint.log4shell-payload-grabber
Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.external-storage-stalker
Android v6+ application to monitor (stalk) all the external storage locations referenced into the system and list the files that can be accessed in read mode.poc-argon2
POC in order to materialize prevention concepts described in the following OWASP cheatsheetpoc-argon2-php
POC in order to materialize prevention concepts described in the following OWASP cheatsheetpoc-error-handling
POC in order to find the right setup to define a global error handler in differents web based technologiessandbox
Provide network listeners during online training web challenges/labs.voxxeddays-lux-2018
Demo project of my talkpkcheck
Program brute forcing the passphrase of a private keyvoxxeddays-lux-2022
Demonstration videos and presentation regarding the talk given at the VOXXED LU 2022 conference.Love Open Source and this site? Check out how you can help us