mccabe615

badtf

BurpAutoScan

Setup to scan local app with AutoScanWithBurp

aws-metadata-proxy

AWS Metadata Proxy for protection against SSRF

cloud_metadata_ips

List of special metadata IPs used in cloud services

codesamples

A sample of vulnerable examples

Damn-Vulnerable-Redis-Container

An example of obtaining RCE via Redis and CSRF

DangerousRubyFunctions

List of dangerous Ruby functions

dcaf_case_management

Rails-based case management system for the DC Abortion Fund

django-DefectDojo

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

dondada

ebooks.py

Lambda based ebooks Tweeter

gha-test

haml_xss_example

Copy of Todo app to demo HAML XSS vulnerability

railsgoat

A vulnerable version of Rails that follows the OWASP Top 10

retiree

A gem wrapper around retire.js

sql-injections-examples

cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

ListOfHacks

List of web app based hacks

micropurchase

18F's micro-purchase threshold experiment management app.

node-js-sample

A barebones Node.js app using the Express framework.

php-exploit-scripts

A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.

pocs

rubocop-github

Code style checking for GitHub Ruby repositories

scryptauth

A scrypt password hash encoding proposal and implementation for go

security-guide-for-developers

Security Guide for Developers

SecurityTools

A single repository for any security tools, scripts, documentation, etc. that I add

semgrep-rules

Semgrep rules registry

terra-fied

weirdAAL

WeirdAAL (AWS Attack Library)

xxeserve

XXE Out of Band Server.