Repositories list

• inql

  Public
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  security-auditpenetration-testingbugbounty+ 8security-scannerburpsuitesecurity-toolsburp-extensionsgraphql-securityapi-documentation-toolbugbounty-tool+ 1

  Python

  •

  Apache License 2.0

  •161•1.6k•23•2•Updated Mar 12, 2025Mar 12, 2025

• osv-scalibr

  Public
  Go

  •

  Apache License 2.0

  •31•0•0•0•Updated Mar 11, 2025Mar 11, 2025

• GQLSpection

  Public
  GQLSpection - parses GraphQL introspection schema and generates possible queries

  Python

  •

  Apache License 2.0

  •10•79•10•2•Updated Mar 6, 2025Mar 6, 2025

• SSHNuke_info

  Public
  SSH Nuke Info

  exploitsshdvulnerability+ 1exploit-development

  C

  •0•1•0•0•Updated Mar 4, 2025Mar 4, 2025

• ComfyUI-tsunami-payload

  Public
  Python

  •0•0•0•0•Updated Mar 3, 2025Mar 3, 2025

• awesome-electronjs-hacking

  Public
  A curated list of awesome resources about Electron.js (in)security

  63•605•0•0•Updated Mar 1, 2025Mar 1, 2025

• tsunami-security-scanner-plugins

  Public
  This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

  Java

  •

  Apache License 2.0

  •191•0•0•0•Updated Feb 28, 2025Feb 28, 2025

• security-testbeds

  Public
  Python

  •

  Apache License 2.0

  •36•0•0•1•Updated Feb 28, 2025Feb 28, 2025

• exploitable-IoT-solution

  Public
  !Exploitable IoT Exploit

  iotexploitappsec+ 2iot-securitytenda

  C

  •0•3•0•0•Updated Feb 10, 2025Feb 10, 2025

• PESD-Exporter-Extension

  Public
  PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams

  Java

  •

  Apache License 2.0

  •8•101•2•0•Updated Jan 30, 2025Jan 30, 2025

• CSPTPlayground

  Public
  CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

  csrfwebsecuritywebsec+ 2appsec-testingcspt

  JavaScript

  •

  Apache License 2.0

  •9•106•1•0•Updated Jan 9, 2025Jan 9, 2025

• Unsafe-Unpacking

  Public
  Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide

  HTML

  •3•38•0•0•Updated Dec 16, 2024Dec 16, 2024

• ruby-unsafe-deserialization

  Public
  Proof of Concepts for unsafe deserialization in Ruby

  Ruby

  •

  MIT License

  •3•0•0•0•Updated Oct 17, 2024Oct 17, 2024

• tsunami-security-scanner

  Public
  Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

  Java

  •

  Apache License 2.0

  •900•0•0•0•Updated Sep 19, 2024Sep 19, 2024

• electronegativity

  Public
  Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.

  electronnodejssecurity+ 1electron-app

  JavaScript

  •

  Apache License 2.0

  •68•983•12•1•Updated Sep 16, 2024Sep 16, 2024

• libajp13

  Public
  AJPv1.3 Java Library

  apache-jserv-protocolajp13ajp

  Java

  •

  Apache License 2.0

  •2•4•0•0•Updated Aug 22, 2024Aug 22, 2024

• wsrepl

  Public
  WebSocket REPL for pentesters

  Python

  •15•217•1•1•Updated Jul 24, 2024Jul 24, 2024

• db-race-conditions-playground

  Public
  Database Race Condition Playground. Made with 🧡 by Doyensec LLC.

  mysqlpostgresdatabase+ 3mariadbtransactionsrace-conditions

  JavaScript

  •0•7•0•0•Updated Jul 11, 2024Jul 11, 2024

• CSPTBurpExtension

  Public
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.

  burpsuiteburp-extensionscspt+ 1doyensec

  Java

  •

  Apache License 2.0

  •8•132•0•0•Updated Jul 2, 2024Jul 2, 2024

• safeurl

  Public
  A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.

  appsecssrfgosec

  Go

  •

  Apache License 2.0

  •8•97•1•0•Updated May 6, 2024May 6, 2024

• Prototype-Pollution-Gadgets-Finder

  Public
  Python

  •3•87•1•0•Updated Apr 29, 2024Apr 29, 2024

• Session-Hijacking-Visual-Exploitation

  Public
  Session Hijacking Visual Exploitation

  xssappsecxss-exploitation+ 1session-hijacking

  JavaScript

  •15•196•3•0•Updated Mar 7, 2024Mar 7, 2024

• regexploit

  Public
  Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

  Python

  •

  Apache License 2.0

  •56•803•16•1•Updated Feb 9, 2024Feb 9, 2024

• PoiEx

  Public
  🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends

  securityvscodeiac+ 4vscode-extensioncollaborative-editingsecurity-toolssemgrep

  TypeScript

  •2•72•0•0•Updated Feb 2, 2024Feb 2, 2024

• semgrep-rules

  Public
  Semgrep rules registry

  Solidity

  •

  Other

  •425•0•0•0•Updated Jan 17, 2024Jan 17, 2024

• jekyll-algolia

  Public
  Add fast and relevant search to your Jekyll site

  Ruby

  •

  MIT License

  •36•0•0•0•Updated Nov 1, 2023Nov 1, 2023

• webext_boilerplate

  Public
  Web extension boilerplate files for web application testers.

  JavaScript

  •2•7•0•0•Updated Sep 22, 2023Sep 22, 2023

• protoburp

  Public
  Updated version of the ProtoBurp Extension, with enhanced features and capabilities to encode and fuzz custom protobuf messages

  Python

  •8•36•8•0•Updated Sep 11, 2023Sep 11, 2023

• r2pickledec

  Public
  Pickle decompiler plugin for Radare2

  C

  •

  GNU Lesser General Public License v3.0

  •1•18•0•0•Updated Aug 6, 2023Aug 6, 2023

• cloudsec-tidbits

  Public
  Blogpost series showcasing interesting cloud - web app security bugs

  awsterraformcloudsecurity

  HCL

  •3•47•0•0•Updated Jun 13, 2023Jun 13, 2023