• Stars
    star
    704
  • Rank 64,316 (Top 2 %)
  • Language
  • License
    MIT License
  • Created about 4 years ago
  • Updated about 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

jwt-secrets

The goal for this project was to find as many public-available JWT secrets as possible to help developers and DevOpses identify it by traffic analysis at the Wallarm NGWAF level.

For now (10/02/2020) the list consists of 3502

We focused on Google search and GitHub dorks by using mainly two query patterns:

  1. jwt example +TECHNOLOGY where the TECHNOLOGY is the language itself like PHP, Ruby, Rails, or framework like ExpressJS, Struts of Flask.
  2. Google BigQuery search based on 3M GitHub projects

This repository is automatically connected with the JWT heartbreaker Burp extension (see: https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/)

More Repositories

1

gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Go
1,532
star
2

awesome-nginx-security

πŸ”₯ A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
728
star
3

api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
Go
585
star
4

nascell-automl

Python
253
star
5

jwt-heartbreaker

The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources
Java
121
star
6

libdetection

Signature-free approach library to detect injection and commanding attacks
C
86
star
7

fast-detects

42
star
8

ingress

Kubernetes Ingress controller with integrated Wallarm services
Go
38
star
9

docker-wallarm-node

⚑️ Official docker image for Wallarm Node. API security platform agent.
Shell
32
star
10

wallnet

Open-source code to support BSides 2019's talk: Bye-Bye False Positives: Using AI to Improve Detection
Python
20
star
11

sysbindings

sysctl/sysfs settings on a fly for Kubernetes Cluster. No restarts are required for clusters and nodes.
Python
20
star
12

pgbouncer-chart

Helm chart to deploy pgbouncer connection pooler to Kubernetes
Mustache
15
star
13

neuraldrugs

AI.drugs
Python
14
star
14

researches

PHP
12
star
15

product-documentation

Wallarm Product Documentation
CSS
10
star
16

ingress-plus

Wallarm WAF for Kubernetes NGINX Plus Ingress Controller
Go
5
star
17

terraform-provider-wallarm

Terraform provider for Wallarm
Go
5
star
18

sidecar

Kubernetes Sidecar schema of Wallarm API Security deployment
Go
4
star
19

ingress-chart

Mustache
4
star
20

owasp-top-10-2022

Statistical approach to build OWASP Top Ten. This repository includes code, data and calculation methodology.
Python
4
star
21

helm-charts

Wallarm public charts repository
HTML
3
star
22

heartbleed.py

forked from https://gist.github.com/eelsivart/10174134
Python
3
star
23

api-firewall-docker

Shell
3
star
24

neural

2
star
25

wallarm-api-examples

Very basic examples of Wallarm API usage
Python
2
star
26

cert-headers

The list of possible HTTP headers used to store client certificate information
2
star
27

terraform-example

HCL
2
star
28

oob-ebpf

Wallarm out of band for Kubernetes based on eBPF
Smarty
2
star
29

wallarm-go

Go
1
star
30

heroku-buildpack-wallarm-node

Heroku buildpack for Wallarm
Shell
1
star
31

fast-jenkins-plugin

Run Wallarm security tests in your Jenkins pipeline
Java
1
star
32

terraform-aws-wallarm

Module for deploying Wallarm on AWS using Terraform
HCL
1
star
33

kong-docker

Lua
1
star