• This repository has been archived on 06/Dec/2020
  • Stars
    star
    3
  • Rank 3,963,521 (Top 79 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 7 years ago
  • Updated over 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Interactive shell in order to probe/analyze a WebSocket endpoint.

More Repositories

1

poc-graphql

Research on GraphQL from an AppSec point of view.
Java
404
star
2

toolbox-pentest-web

Docker toolbox for pentest of web based application.
Python
121
star
3

burp-piper-custom-scripts

Custom scripts for the PIPER Burp extensions.
Python
97
star
4

virtualhost-payload-generator

BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.
Java
61
star
5

log-requests-to-sqlite

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
Java
60
star
6

pst-digger

Program to analyze mails stored into a Microsoft Outlook PST file and find one based on search keywords.
Java
55
star
7

document-upload-protection

POC in order to protect an document upload application feature against "malicious" document submission.
Java
40
star
8

log4shell-analysis

Contains all my research and content produced regarding the log4shell vulnerability
Java
32
star
9

website-passive-reconnaissance

Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.
Python
31
star
10

poc-csrf

POC in order to materialize CSRF prevention concepts described in the following OWASP CSRF cheatsheet
Java
30
star
11

poc-jwt

POC about usage of JSON Web Tokens (JWT) in a secure way.
Java
26
star
12

access-brute-forcer

Android v7+ application to perform a dictionary brute force attack against a host.
Java
17
star
13

tls-cert-discovery

Script to identify new host using the subjectAltName (Subject Alternate Name) extension of a x509 HTTP TLS certificate.
Python
10
star
14

injection-cheat-sheets

Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).
Java
9
star
15

poc-authz-testing

POC in order to explore and describe a proposition for the automation of the testing of the authorization matrix.
Java
8
star
16

powershell-android-utils

PowerShell module providing utility commands to manipulate a APK file on Windows
PowerShell
7
star
17

poc-idor

POC in order to materialize IDOR prevention concepts described in the following OWASP cheatsheet
Java
7
star
18

toolbox-jwt

Docker toolbox with different scripts having for the objective to perform different kinds of attacks against JWT tokens.
Shell
5
star
19

poc-websocket

POC in order to materialize prevention concepts described in the following OWASP WebSocket cheatsheet
Java
4
star
20

robots-disallowed-dict-builder

Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sites
Python
4
star
21

clipboard-stalker

Android v6+ application to monitor (stalk) the clipboard and grab the content.
Java
3
star
22

log4shell-payload-grabber

Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.
Java
3
star
23

external-storage-stalker

Android v6+ application to monitor (stalk) all the external storage locations referenced into the system and list the files that can be accessed in read mode.
Java
2
star
24

poc-argon2

POC in order to materialize prevention concepts described in the following OWASP cheatsheet
Java
2
star
25

poc-argon2-php

POC in order to materialize prevention concepts described in the following OWASP cheatsheet
PHP
2
star
26

poc-error-handling

POC in order to find the right setup to define a global error handler in differents web based technologies
JavaScript
1
star
27

sandbox

Provide network listeners during online training web challenges/labs.
Shell
1
star
28

voxxeddays-lux-2018

Demo project of my talk
Java
1
star
29

pkcheck

Program brute forcing the passphrase of a private key
Go
1
star
30

voxxeddays-lux-2022

Demonstration videos and presentation regarding the talk given at the VOXXED LU 2022 conference.
PHP
1
star