doyensec

inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.

regexploit

Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

awesome-electronjs-hacking

A curated list of awesome resources about Electron.js (in)security

Session-Hijacking-Visual-Exploitation

Session Hijacking Visual Exploitation

wsrepl

WebSocket REPL for pentesters

ajpfuzzer

A command-line fuzzer for the Apache JServ Protocol (ajp13)

PESD-Exporter-Extension

PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams

safeurl

A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.

PoiEx

🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends

Prototype-Pollution-Gadgets-Finder

oidc-ssrf

An Evil OIDC Server

cloudsec-tidbits

Blogpost series showcasing interesting cloud - web app security bugs

confuser

Dependency Confusion Security Testing Tool

protoburp

Updated version of the ProtoBurp Extension, with enhanced features and capabilities to encode and fuzz custom protobuf messages

GQLSpection

GQLSpection - parses GraphQL introspection schema and generates possible queries

vbox-fuzz

Companion to the "Introduction to VirtualBox security research" Blog Post

CVE-2022-39299_PoC_Generator

A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-saml

electronegativity-action

The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into GitHub CI/CD.

r2pickledec

Pickle decompiler plugin for Radare2

imagemagick-security-policy-evaluator

The ImageMagick Security Policy Evaluator allows developers and security experts to check if an XML Security Policy is hardened against a wide set of malicious attacks. It assists with the process of reviewing such policies, which is usually a manual task, and helps identify the best practices for ImageMagick deployments.

webext_boilerplate

Web extension boilerplate files for web application testers.

wallet-info

A web service providing Ethereum Dapp information. Made with 🖤 by Doyensec LLC.

security-testbeds

tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

jekyll-algolia

Add fast and relevant search to your Jekyll site

request

🏊🏾 Simplified HTTP request client.

semgrep-rules

Semgrep rules registry

tsunami-security-scanner

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.