ikkisoft

followers

following

stars

@doyensec

San Francisco / Warsaw

https://www.doyensec.com

Luca Carettoni's starred repositories

semgrepper

An extension to use Semgrep inside Burp Suite.

Language:JavaGPL-3.08500

AppSecEzine

AppSec Ezine Public Repository.

mdec

Decompilation as a Service. Explore multiple decompilers and compare their output with minimal effort. Upload binary, get decompilation.

Language:PythonNOASSERTION45200

JNDI-Injection-Exploit

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Language:JavaMIT248800

2FAuth

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

Language:PHPAGPL-3.0171000

electronegativity-action

The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into GitHub CI/CD.

1400

apache-openoffice-rce-via-uno-links

3500

jquery-xss-in-html

jQuery < 3.5 Cross-Site Scripting (XSS) in html()

Language:CodeQL800

frida-fuzzer

This experimetal fuzzer is meant to be used for API in-memory fuzzing.

Language:JavaScriptApache-2.056400

TamperThemAll

A tampered payload generator to Fuzz Web Application Firewalls

Language:PythonGPL-3.03200

vdexExtractor

Tool to decompile & extract Android Dex bytecode from Vdex files

Language:CApache-2.098600

muraena

Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.

Language:GoBSD-3-Clause87000

mallet

Mallet is an intercepting proxy for arbitrary protocols

Language:Java25100

electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.

Language:JavaScriptApache-2.093900

awesome-browser-exploit

awesome list of browser exploitation tutorials

GPL-3.0192800

mattermost-retention

Data retention /cleanup script for mattermost

Language:Shell4300

BugBountySubdomains

Tools to gather subdomains from Bug Bounty programs

Language:Python6300

evilarc

Create tar/zip archives that can exploit directory traversal vulnerabilities

Language:Python95100

Keychain-Dumper

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken

Language:Objective-CBSD-3-Clause131600

SSRF-Testing

SSRF (Server Side Request Forgery) testing resources

Language:Python230900

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Language:JavaMIT741700

qark

Tool to look for several security related Android application vulnerabilities

Language:PythonNOASSERTION315300

dharma

Generation-based, context-free grammar fuzzer. Refer to https://github.com/posidron/dharma for a maintained version.

Language:PythonMPL-2.047500

sleepy-puppy

Deprecated please use https://github.com/Netflix/sleepy-puppy

Language:HTML9400

GlobaLeaks

GlobaLeaks is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.

Language:PythonNOASSERTION118900

ntopng

Web-based Traffic and Security Network Traffic Monitoring

Language:LuaGPL-3.0599600

J2EEScan

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

Language:JavaGPL-2.063900