Security Training Share
Brakeman Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. It can detect: Possibly unescaped model attributes or parameters in views (Cross-Site Scripting) Bad string interpolation...
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for the RS/HS256 public key mismatch vulnerability Testing for...
GRAUDIT Graudit is a simple script and signature sets that allow you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS,...
WPScan is a black box WordPress vulnerability scanner. Changelog v3.7.3 Fixed Incorrect parsing of theme data when new lines before/after comments were stripped from the CSS file – Ref #1404 Improved passive detection of WordPress...
kubesec Security risk analysis for Kubernetes resources Download Kubesec Kubesec is available as a: Docker container image at docker.io/kubesec/kubesec:v2 Linux/MacOS/Win binary (get the latest release) Kubernetes Admission Controller Kubectl plugin Or install the latest commit from...
ODAT ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order...
CloudMapper CloudMapper generates network diagrams of Amazon Web Services (AWS) environments and displays them via your browser. It helps you understand visually what exists in your accounts and identify possible network misconfigurations. There are...
slurp Blackbox/whitebox S3 bucket enumerator Overview Credit to all the vendor packages that made this tool possible. This is a security tool; it’s meant for pen-testers and security professionals to perform audits of s3...
Fracker Fracker is a suite of tools that allows to easily trace and analyze PHP function calls, its goal is to assist the researcher during manual security assessments of PHP applications. It consists of:...
Dependency-Track Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost....
Security Knowledge Framework is an expert system application that uses the OWASP Application Security Verification Standard with detailed code examples (secure coding principles) to help developers in pre-development and post-development phases and create applications...
docem Utility to embed XXE and XSS payloads in docx,odt,pptx, etc – any documents that are a zip archive with a bunch of xml files inside This tool is a side-project of collaborative research...
The Hawkeye scanner-cli is project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Designed to be entirely extensible by just adding new...
Server-Side Request Forgery (SSRF) vulnerable Lab This repository contains PHP codes which are vulnerable to Server-Side Request Forgery (SSRF) attack. Vulnerable codes are meant to demonstrate SSRF for below mentioned 5 scenarios: 1. Application...
