A Python client library for interfacing with Rapid7 AppSpider Enterprise.

JWT fuzzer

HTML5 WebSocket message fuzzer

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Parsing PHP source code using Python and generating ASTs

Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.

Wordlist generator

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A local SonarQube scanning solution

AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.

Whitepass Bypass Whitelist/Ratelimit Implementations in Web Applications/APIs

An application to assist in the organization and prioritization of software security activities.

Uma maneira beeem simples de demonstrar segurança ao utilizar APIs!

Course topics & links for crypto & appsec course taught in 2021

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

This project is about creating and publishing threat model examples.

Global Misconfig Finder (web)

Gitlab CI jobs stdout secrets finder

DongTai-WebAPI is the server part of the management tool of DongTai-IAST