Automated script for performing Padding Oracle attacks
Rogue AP killer
Burp plugin to convert fast infoset (FI) to/from the text-based XML document format allowing easy editing
A collection of publicly released whitepapers
Linux based inter-process code injection without ptrace(2)
Solidity Contract Function Profiler
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
A portable console aimed at making pentesting with PowerShell a little easier.
wifitap updated for BT5r3
This library was co-developed with a leading financial institution in order to build a single solution for Cross-Site Request Forgery (CSRF) prevention that is flexible enough to deploy firm-wide within diverse Java/J2EE web application environments.
sslscan tests SSL/TLS enabled services to discover supported cipher suites
Deployment checklist for securely deploying Docker
Script to test if a server is vulnerable to the JetLeak vulnerability
Utility for converting Findbugs, ESLint and PMD XML results into HP Fortify FPRs
Automated Linux evil maid attack
Custom Fortify SCA rules to detect common JSSE certification validation flaws
Custom security ruleset for the popular Java static analysis tool PMD.
Checklist intended to be used as a baseline for assessing, designing, and testing the security of a MAM (Application Wrapping) solution
This module is used to exploit startup script execution through Windows Group Policy settings when configured to run off of a remote SMB share.
Sample Findbugs custom detector for finding potentially insecure Scala code.
ListLock APK contains the demo APK for the Using Mobile Substrate With Android Applications blog post