Gotham Digital Science

GDS-PMD-Security-Rules

Custom security ruleset for the popular Java static analysis tool PMD.

Presentations

This repository contains slide decks and other materials for talks and research presented at various conferences.

Fizzer

Fizzer is an assessment tool for fuzzing FIX messages.

SSLSecurityChecker

IronWASP module to test security of SSL services. Ported from http://www.bolet.org/TestSSLServer/

Python 30 3

wifitap

wifitap updated for BT5r3

mimegusta

Configurable content-sniffing XSS test bed

Python 44 18

GWT-Penetration-Testing-Toolset

A set of tools made to assist in penetration testing GWT applications. Additional details about these tools can be found on my OWASP Appsec DC slides available here: http://www.owasp.org/images/7/77/Attacking_Google_Web_Toolkit.ppt

Java 3 1

AntiXSS-for-Java

AntiXSS for Java is a port of the Microsoft Anti-Cross Site Scripting (AntiXSS) v1.5 library for .NET applications. The library requires Java 1.4 or higher, but has no other prerequisites.

Python 13 5

burpee

Python object interface to requests/responses recorded by Burp Suite

Python 16 4

cloud-and-control

Updated November 21, 2011

PadBuster

Automated script for performing Padding Oracle attacks

Python 6 4

Unibrute

Multithreaded SQL union bruteforcer

Python 15 14

Add-Trusted-Certificate-to-iOS-Simulator

Script for easily importing a trusted CA certificate into the iOS Simulator's trust store. This provides application testers the ability to intercept SSL traffic when using the simulator for testing.

WCF-WSDualHttpBinding-Port-Scanner

Proof of Concept utility for abusing WCF Web Services that use the WSDualHttpBinding in order to perform remote port scans of arbitrary hosts.

Perl 4 2

Code-from-O-reilly-Network-Security-Tools

Tools developed for the book Network Security Tools: Writing, Hacking, and Modifying Security Tools (Published April 2005 by O'Reilly - ISBN 0-596-00794-9). These examples, along with the rest of the examples from the book, are also available from O'Reilly.

Updated July 25, 2011

WCF-Binary-SOAP-Plug-In

This is a Burp Suite plug-in designed to encode and decode WCF Binary Soap request and response data ("Content-Type: application/soap+msbin1"). There are two versions of the plug-in available (consult the README for more information).

Java 3 2

Deflate-Burp-Plugin

The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.

mangers-oracle

Demonstration of Manger's Oracle, attacking RSA OAEP

Python 24 11

SQLBrute

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities.

blazentoo

Blazentoo is an Adobe AIR application that can be used to exploit insecure Adobe BlazeDS and LiveCycle Data Services ES servers. Blazentoo provides the ability to seamlessly browse web content, abusing insecurely configured Proxy Services.
