righettod

Dominique RIGHETTO's repositories

poc-graphql

Research on GraphQL from an AppSec point of view.

Language:JavaMIT406 16 1

toolbox-pentest-web

Docker toolbox for pentest of web based application.

Language:PythonGPL-3.0132 11 33

burp-piper-custom-scripts

Custom scripts for the PIPER Burp extensions.

Language:PythonGPL-3.097 9 4

log-requests-to-sqlite

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

Language:JavaGPL-3.060 4 22

document-upload-protection

POC in order to protect an document upload application feature against "malicious" document submission.

Language:Java41 8 4

website-passive-reconnaissance

Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.

Language:PythonGPL-3.034 3 21

log4shell-analysis

Contains all my research and content produced regarding the log4shell vulnerability

Language:JavaGPL-3.032 5 4

tls-cert-discovery

Script to identify new host using the subjectAltName (Subject Alternate Name) extension of a x509 HTTP TLS certificate.

Language:PythonGPL-3.010 3 5

powershell-android-utils

PowerShell module providing utility commands to manipulate a APK file on Windows

Language:PowerShellGPL-3.08 3 1

toolbox-jwt

Docker toolbox with different scripts having for the objective to perform different kinds of attacks against JWT tokens.

Language:DockerfileGPL-3.06 20

robots-disallowed-dict-builder

Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sites

Language:PythonGPL-3.04 4 3

log4shell-payload-grabber

Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.

Language:JavaGPL-3.03 4 1

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Language:PHPMIT2 20

Invoke-CreateModuleHelpFile

PowerShell function to create a HTML help file for a module and all it's commands.

Language:PowerShell1 20

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Language:JavaScriptMIT1 10

param-miner

Language:JavaNOASSERTION1 10

pkcheck

Program brute forcing the passphrase of a private key

Language:GoGPL-3.01 30

sandbox

Provide network listeners during online training web challenges/labs.

Language:Shell1 30

voxxeddays-lux-2018

Demonstration videos and presentation regarding the talk given at the VOXXED LU 2018 conference.

Language:JavaGPL-3.01 30

voxxeddays-lux-2022

Demonstration videos and presentation regarding the talk given at the VOXXED LU 2022 conference.

Language:PHPGPL-3.01 30

www-project-secure-headers

The OWASP Secure Headers Project

Language:PythonApache-2.01 10

BChecks

BChecks collection for Burp Suite Professional

LGPL-3.0010

bchecks-library

Store custom BCheck scripts created prior to propose them to the BCheck PortSwigger repository.

Language:PowerShellGPL-3.0020

oshp-stats

Stats about HTTP response security headers usage mentioned by the OSHP.

Language:PythonGPL-3.0010

oshp-tracking

Repository used to organize freely the work on the OSHP projects.

GPL-3.0010

oshp-validator

Venom tests suite to validate an HTTP security response headers configuration against OSHP recommendation.

Language:PythonGPL-3.0010

oshp.github.io

Language:CSS020

righettod.github.io

Redirection to personal website

Language:HTML030

timesheet-utils

Program that I used to know the number of working days and hours according to Luxembourg public holidays to fill my professional timesheet.

Language:GoGPL-3.0020

toolbox-regex

Toolbox to have a local instance of RegExr to create regex against sensitive/private content.

Language:DockerfileGPL-3.0000