righettod Goto Github PK

access-brute-forcer

Android v7+ application to perform a dictionary brute force attack against a host.

bchecks

BChecks collection for Burp Suite Professional

bchecks-library

Store custom BCheck scripts created prior to propose them to the BCheck PortSwigger repository.

burp-piper-custom-scripts

Custom scripts for the PIPER Burp extensions.

clipboard-stalker

Android v6+ application to monitor (stalk) the clipboard and grab the content.

code-snippets-security-utils

Provides different utilities methods to apply processing from a security perspective.

document-upload-protection

POC in order to protect an document upload application feature against "malicious" document submission.

external-storage-stalker

Android v6+ application to monitor (stalk) all the external storage locations referenced into the system and list the files that can be accessed in read mode.

helpdeskz-1.0

HelpDeskZ v1.0

injection-cheat-sheets

Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).

invoke-createmodulehelpfile

PowerShell function to create a HTML help file for a module and all it's commands.

log-requests-to-sqlite

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

log4shell-analysis

Contains all my research and content produced regarding the log4shell vulnerability

log4shell-payload-grabber

Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

oshp-stats

Stats about HTTP response security headers usage mentioned by the OSHP.

oshp-tracking

Repository used to organize freely the work on the OSHP projects.

oshp-validator

Venom tests suite to validate an HTTP security response headers configuration against OSHP recommendation.

oshp.github.io

param-miner

pkcheck

Program brute forcing the passphrase of a private key

poc-argon2

POC in order to materialize prevention concepts described in the following OWASP cheatsheet

poc-argon2-php

POC in order to materialize prevention concepts described in the following OWASP cheatsheet

poc-authz-testing

POC in order to explore and describe a proposition for the automation of the testing of the authorization matrix.

poc-csrf

POC in order to materialize CSRF prevention concepts described in the following OWASP CSRF cheatsheet

poc-error-handling

POC in order to find the right setup to define a global error handler in differents web based technologies

poc-graphql

Research on GraphQL from an AppSec point of view.

poc-idor

POC in order to materialize IDOR prevention concepts described in the following OWASP cheatsheet

poc-jwt

POC about usage of JSON Web Tokens (JWT) in a secure way.

poc-websocket

POC in order to materialize prevention concepts described in the following OWASP WebSocket cheatsheet