Beast code in Giters

Aon's Cyber Solutions - Security Testing (Formerly GDS)'s repositories

GWT-Penetration-Testing-Toolset

A set of tools made to assist in penetration testing GWT applications. Additional details about these tools can be found on my OWASP Appsec DC slides available here: http://www.owasp.org/images/7/77/Attacking_Google_Web_Toolkit.ppt

Language:Python221 40 6

wifitap

wifitap updated for BT5r3

Language:PythonGPL-2.0152 27 1

Jetleak-Testing-Script

Script to test if a server is vulnerable to the JetLeak vulnerability

Language:Python144 14 4

SQLBrute

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities.

Language:Python71 250

GDS-PMD-Security-Rules

Custom security ruleset for the popular Java static analysis tool PMD.

Language:JavaGPL-2.060 11 2

Whitepapers

A collection of publicly released whitepapers

49 120

WCF-Binary-SOAP-Plug-In

This is a Burp Suite plug-in designed to encode and decode WCF Binary Soap request and response data ("Content-Type: application/soap+msbin1). There are two versions of the plug-in available (consult the README for more information).

Language:C#45 200

PSAttack

A portable console aimed at making pentesting with PowerShell a little easier.

Language:C#MIT44 100

burpee

Python object interface to requests/responses recorded by Burp Suite

Language:Python36 24 1

cloud-and-control

Language:Python26 210

OSX-Continuity-Dialer-POC

Language:Objective-CGPL-2.023 850

PaddingOracleDemos

Language:PythonGPL-2.022 860

Anti-CSRF-Library

This library was co-developed with a leading financial institution in order to build a single solution for Cross-Site Request Forgery (CSRF) prevention that is flexible enough to deploy firm-wide within diverse Java/J2EE web application environments.

Language:JavaApache-2.020 26 1

DotNET-MVC-Enumerator

Language:C#GPL-2.020 850

AntiXSS-for-Java

AntiXSS for Java is a port of the Microsoft Anti-Cross Site Scripting (AntiXSS) v1.5 library for .NET applications. The library requires Java 1.4 or higher, but has no other prerequisites.

Language:Java16 280

sol-function-profiler

Solidity Contract Function Profiler

Language:JavaScriptMIT16 50

Code-from-O-reilly-Network-Security-Tools

Tools developed for the book Network Security Tools: Writing, Hacking, and Modifying Security Tools (Published April 2005 by O'Reilly - ISBN 0-596-00794-9). These examples, along with the rest of the examples from the book, are also available from O'Reilly.

Language:Perl15 200

JSSE_Fortify_SCA_Rules

Custom Fortify SCA rules to detect common JSSE certification validation flaws

Language:JavaGPL-2.011 870

SSLSecurityChecker

IronWASP module to test security of SSL services. Ported from http://www.bolet.org/TestSSLServer/

Language:C#11 70

Presentations

This repository contains slide decks and other materials for talks and research presented at various conferences.

10 200

SubstrateDemo

ListLock APK contains the demo APK for the Using Mobile Substrate With Android Applications blog post

Language:JavaGPL-3.09 210

sentrygun

Rogue AP killer

Language:Python7 90

blazentoo

Blazentoo is an Adobe AIR application that can be used to exploit insecure Adobe BlazeDS and LiveCycle Data Services ES servers. Blazentoo provides the ability to seamlessly browse web content, abusing insecurely configured Proxy Services.

6 190