AppSec
Content hijacking proof-of-concept using Flash, PDF and Silverlight
A tool to inspect and attack version 1 GUIDs
PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasp…
Deserialization payload generator for a variety of .NET formatters
BurpSuite plugin to save just the body of a request or response to a file
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
Improving security and resilience of WebAssembly VMs/runtimes/parsers using fuzzing
Security Analysis tool for WebAssembly module (wasm) and Blockchain Smart Contracts (BTC/ETH/NEO/EOS)
Cool code analysis research for WebAssembly https://urn.kb.se/resolve?urn=urn%3Anbn%3Ase%3Akth%3Adiva-342751
WebAssembly as a Fuzzing Compilation Target @ FUZZING'24
This extension allows you to detect implementations of postMessage function, addEventListener("message",function) event handler and onMessage function.
An unsecure by-design PWA that students can analyse with a suite of tools and support to build their understanding of web-based secure software architecture.
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
Autoswagger by Intruder - detect API auth weaknesses
This example shows how to use the DataProtection APIs with ASP.NET Core
An observatory for TLS configurations, X509 certificates, and more.
A collection of awesome penetration testing resources, tools and other shiny things
A repository with 3 tools for pwn'ing websites with .git repositories available
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare
Python implementations of cryptographic attacks and utilities.