Mike McCabe's repositories
BurpAutoScan
Setup to scan local app with AutoScanWithBurp
aws-metadata-proxy
AWS Metadata Proxy for protection against SSRF
cloud_metadata_ips
List of special metadata IPs used in cloud services
codesamples
A sample of vulnerable examples
Damn-Vulnerable-Redis-Container
An example of obtaining RCE via Redis and CSRF
DangerousRubyFunctions
List of dangerous Ruby functions
dcaf_case_management
Rails-based case management system for the DC Abortion Fund
django-DefectDojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
haml_xss_example
Copy of Todo app to demo HAML XSS vulnerability
cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
ListOfHacks
List of web-app-based hacks
micropurchase
18F's micro-purchase threshold experiment management app.
node-js-sample
A barebones Node.js app using the Express framework.
php-exploit-scripts
A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.
rubocop-github
Code style checking for GitHub Ruby repositories
scryptauth
A scrypt password hash encoding proposal and implementation for Go
security-guide-for-developers
Security Guide for Developers
SecurityTools
A single repository for any security tools, scripts, documentation, etc. that I add
semgrep-rules
Semgrep rules registry