hxp2k6

Add-Trusted-Certificate-to-iOS-Simulator

Script for easily importing a trusted CA certificate into the iOS Simulator's trust store. This provides application testers the ability to intercept SSL traffic when using the simulator for testing.

AlienVaultLabs

Alienvault Labs Projects Random Stuff

AntiXSS-for-Java

AntiXSS for Java is a port of the Microsoft Anti-Cross Site Scripting (AntiXSS) v1.5 library for .NET applications. The library requires Java 1.4 or higher, but has no other prerequisites.

blazentoo

Blazentoo is an Adobe AIR application that can be used to exploit insecure Adobe BlazeDS and LiveCycle Data Services ES servers. Blazentoo provides the ability to seamlessly browse web content, abusing insecurely configured Proxy Services.

BroCTF

Content from DEFCON BroCTF

burpee

Python object interface to requests/responses recorded by Burp Suite

cloud-and-control

Code-from-O-reilly-Network-Security-Tools

Tools developed for the book Network Security Tools: Writing, Hacking, and Modifying Security Tools (Published April 2005 by O'Reilly - ISBN 0-596-00794-9). These examples, along with the rest of the examples from the book, are also available from O'Reilly.

CSAW_2010

Source code to the Crypto Challenges for the CSAW 2010 qualifying CTF

Deflate-Burp-Plugin

The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.

DPE

DPE - Default Password Enumeration

faraday-http-cache

a faraday middleware that respects HTTP cache

GWT-Penetration-Testing-Toolset

A set of tools made to assist in penetration testing GWT applications. Additional details about these tools can be found on my OWASP Appsec DC slides available here: http://www.owasp.org/images/7/77/Attacking_Google_Web_Toolkit.ppt

mangers-oracle

Demonstration of Manger's Oracle, attacking RSA OAEP

misp-bloomfilter

A tool to create bloom filters from MISP records to share IOCs with others without breaking confidentiality.

misp-graph

A tool to convert MISP XML files (events and attributes) into graphs

PadBuster

Automated script for performing Padding Oracle attacks

proxychains

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.

sonar-fortify

SQLBrute

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities.

Unibrute

Multithreaded SQL union bruteforcer

WCF-Binary-SOAP-Plug-In

This is a Burp Suite plug-in designed to encode and decode WCF Binary Soap request and response data ("Content-Type: application/soap+msbin1). There are two versions of the plug-in available (consult the README for more information).

WCF-WSDualHttpBinding-Port-Scanner

Proof of Concept utility for abusing WCF Web Services that use the WSDualHttpBinding in order to perform remote port scans of arbitrary hosts.