Top Repositories
Useful commands/tricks using smbclient/nmap in a pentesting/auditing/redteaming
This repository contains links to awesome security articles.
This contains a bundle with an executable to exploit ms17-010 remote or locally. It does not require Python.
This enforces F5 WAF signatures for Spring4Shell and Spring Cloud vulnerabilities across all policies on a BIG-IP ASM device
Simple script to brute force JWT token signature
Google Cloud Platform Security
Repositories (28)
This repository contains links to awesome security articles.
Useful commands/tricks using smbclient/nmap in a pentesting/auditing/redteaming
This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device
aquatone results for sites with bug bounties
This contains a bundle with an executable to exploit ms17-010 remote or locally. It does not require Python.
A list of open source web security scanners
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet- or internal-facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
Checklist for container security - devsecops practices
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
slowdos_detector is a Python tool to detect Slow HTTP DoS attacks (GET and POST) in pcap files.
F5 Adv. WAF/ASM policies quick view.
This simple tool creates username/password combinations for HTTP Digest Authentication. It can be used for password lookup during password auditing/assessment/pen-testing for WildFly / JBoss / Apache.
A ZAP Help Add-On Script for signing requests to AWS
No description provided.
Simple script to brute force JWT token signature
🔥 Everything awesome about web-application firewalls (WAF).
Search is a simple text search to look for various words within files in a given folder.
Terraform module for Deploying BIG-IP in GCP
Username Enumeration tool using Side-Channel (Timing) over HTTP
Google Cloud Platform Security
No description provided.
Web Application Firewall Security Testing Tool
Terraform deployments for BIG-IP in public cloud environments (AWS, Azure, Google). F5 Automation Toolchain is used for easier device and app configuration.
This tool creates a custom signature set on F5 WAF and applies it to policies in blocking mode
This enforces F5 WAF signatures for Spring4Shell and Spring Cloud vulnerabilities across all policies on a BIG-IP ASM device
Introduction to Volterra lab environment
A collection of ZAP scripts provided by the community - pull requests very welcome!
Barracuda Platform (NGFW and ADC) brute force user enum using side channel