Information Security
Posta Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities and includes features such as replaying messages sent between windows within any attached browser. Tabs...
0d1n Web security tool to make fuzzing at HTTP 0d1n is an Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. From another point of view,...
njsscan njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using a simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Changelog v0.2.5 Bump...
Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
enlightn Think of Enlightn as your performance and security consultant. Enlightn will “review” your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The Enlightn OSS (open source...
JSON Interoperability Vulnerability Labs Companion labs to “An Exploration of JSON Interoperability Vulnerabilities” Description These are the companion labs to my research article “An Exploration of JSON Interoperability Vulnerabilities”. Lab 1: Free purchases in an...
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web applications and networks....
kubei Kubei is a vulnerabilities scanning tool that allows users to get an accurate and immediate risk assessment of their kubernetes clusters. Kubei scans all images that are being used in a Kubernetes cluster,...
About CORScanner CORScanner is a python tool designed to discover CORS misconfigurations vulnerabilities of websites. It helps website administrators and penetration testers to check whether the domains/urls they are targeting have insecure CORS policies....
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications...
Suggested Reading