Doyensec

All

51 repositories

tsunami-security-scanner-plugins
Public
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Java
•
Apache License 2.0
•178•0•0•0•Updated Oct 24, 2024Oct 24, 2024
security-testbeds
Public
Python
•
Apache License 2.0
•27•0•0•2•Updated Oct 24, 2024Oct 24, 2024
ruby-unsafe-deserialization
Public
Proof of Concepts for unsafe deserialization in Ruby
Ruby
•
MIT License
•1•0•0•0•Updated Oct 17, 2024Oct 17, 2024
CSPTPlayground
Public
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
csrf websecurity websec appsec-testing cspt
JavaScript
•
Apache License 2.0
•6•80•1•0•Updated Oct 7, 2024Oct 7, 2024
tsunami-security-scanner
Public
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Java
•
Apache License 2.0
•891•0•0•0•Updated Sep 19, 2024Sep 19, 2024
electronegativity
Public
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
electron nodejs security electron-app
JavaScript
•
Apache License 2.0
•66•971•12•1•Updated Sep 16, 2024Sep 16, 2024
libajp13
Public
AJPv1.3 Java Library
apache-jserv-protocol ajp13 ajp
Java
•
Apache License 2.0
•2•4•0•0•Updated Aug 22, 2024Aug 22, 2024
wsrepl
Public
WebSocket REPL for pentesters
Python
•13•202•1•1•Updated Jul 24, 2024Jul 24, 2024
awesome-electronjs-hacking
Public
A curated list of awesome resources about Electron.js (in)security
60•577•0•0•Updated Jul 22, 2024Jul 22, 2024
db-race-conditions-playground
Public
Database Race Condition Playground. Made with 🧡 by Doyensec LLC.
mysql postgres database mariadb transactions race-conditions
JavaScript
•0•7•0•0•Updated Jul 11, 2024Jul 11, 2024
CSPTBurpExtension
Public
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
burpsuite burp-extensions cspt doyensec
Java
•
Apache License 2.0
•4•103•1•0•Updated Jul 2, 2024Jul 2, 2024
inql
Public
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
security-audit penetration-testing bugbounty security-scanner burpsuite security-tools burp-extensions graphql-security api-documentation-tool bugbounty-tool
Python
•
Apache License 2.0
•158•1.5k•22•2•Updated Jun 24, 2024Jun 24, 2024
GQLSpection
Public
GQLSpection - parses GraphQL introspection schema and generates possible queries
Python
•
Apache License 2.0
•10•70•10•2•Updated Jun 21, 2024Jun 21, 2024
safeurl
Public
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
appsec ssrf gosec
Go
•
Apache License 2.0
•8•91•1•0•Updated May 6, 2024May 6, 2024
Prototype-Pollution-Gadgets-Finder
Public
Python
•3•77•1•0•Updated Apr 29, 2024Apr 29, 2024
Session-Hijacking-Visual-Exploitation
Public
Session Hijacking Visual Exploitation
xss appsec xss-exploitation session-hijacking
JavaScript
•15•193•3•0•Updated Mar 7, 2024Mar 7, 2024
regexploit
Public
Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
Python
•
Apache License 2.0
•53•791•16•1•Updated Feb 9, 2024Feb 9, 2024
PoiEx
Public
🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends
security vscode iac vscode-extension collaborative-editing security-tools semgrep
TypeScript
•2•70•0•0•Updated Feb 2, 2024Feb 2, 2024
PESD-Exporter-Extension
Public
PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams
HTML
•
Apache License 2.0
•8•97•6•0•Updated Jan 30, 2024Jan 30, 2024
semgrep-rules
Public
Semgrep rules registry
Solidity
•
Other
•395•0•0•0•Updated Jan 17, 2024Jan 17, 2024
jekyll-algolia
Public
Add fast and relevant search to your Jekyll site
Ruby
•
MIT License
•35•0•0•0•Updated Nov 1, 2023Nov 1, 2023
webext_boilerplate
Public
Web extension boilerplate files for web application testers.
JavaScript
•2•7•0•0•Updated Sep 22, 2023Sep 22, 2023
protoburp
Public
Updated version of the ProtoBurp Extension, with enhanced features and capabilities to encode and fuzz custom protobuf messages
Python
•8•35•8•0•Updated Sep 11, 2023Sep 11, 2023
r2pickledec
Public
Pickle decompiler plugin for Radare2
C
•
GNU Lesser General Public License v3.0
•0•14•0•0•Updated Aug 6, 2023Aug 6, 2023
cloudsec-tidbits
Public
Blogpost series showcasing interesting cloud - web app security bugs
aws terraform cloudsecurity
HCL
•3•45•0•0•Updated Jun 13, 2023Jun 13, 2023
request
Public
🏊🏾 Simplified HTTP request client.
JavaScript
•
Apache License 2.0
•3.2k•0•0•0•Updated May 4, 2023May 4, 2023
electronegativity-action
Public
The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into GitHub CI/CD.
1•14•0•0•Updated Apr 15, 2023Apr 15, 2023
wallet-info
Public
A web service providing Ethereum Dapp information. Made with 🖤 by Doyensec LLC.
ethereum ethereum-dapp
Go
•
Apache License 2.0
•0•5•0•0•Updated Mar 28, 2023Mar 28, 2023
CVE-2022-39299_PoC_Generator
Public
A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-saml
Python
•1•17•0•0•Updated Feb 8, 2023Feb 8, 2023
imagemagick-security-policy-evaluator
Public
The ImageMagick Security Policy Evaluator allows developers and security experts to check if an XML Security Policy is hardened against a wide set of malicious attacks. It assists with the process of reviewing such policies, which is usually a manual task, and helps identify the best practices for ImageMagick deployments.
security imagemagick scanner conversion image-processing converters security-tools security-policies
JavaScript
•2•14•1•0•Updated Feb 6, 2023Feb 6, 2023