Doyensec
Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.
San Francisco / Warsaw
Pinned Repositories
awesome-electronjs-hacking
A curated list of awesome resources about Electron.js (in)security
burpdeveltraining
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
CSPTBurpExtension
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
CSPTPlayground
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
electronegativity
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
regexploit
Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
safeurl
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
Session-Hijacking-Visual-Exploitation
Session Hijacking Visual Exploitation
wsrepl
WebSocket REPL for pentesters
Doyensec's Repositories
doyensec/inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
doyensec/electronegativity
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
doyensec/regexploit
Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
doyensec/awesome-electronjs-hacking
A curated list of awesome resources about Electron.js (in)security
doyensec/wsrepl
WebSocket REPL for pentesters
doyensec/Session-Hijacking-Visual-Exploitation
Session Hijacking Visual Exploitation
doyensec/CSPTBurpExtension
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
doyensec/CSPTPlayground
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
doyensec/safeurl
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
doyensec/PESD-Exporter-Extension
PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams
doyensec/GQLSpection
GQLSpection - parses GraphQL introspection schema and generates possible queries
doyensec/Prototype-Pollution-Gadgets-Finder
doyensec/PoiEx
🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends
doyensec/Unsafe-Unpacking
Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide
doyensec/KSMBD-CVE-2025-37947
Blog Post: https://blog.doyensec.com/2025/10/08/ksmbd-3.html
doyensec/malicious-devfile-registry
Exploit for CVE-2024-0402 in Gitlab
doyensec/burp-rest-api
REST/JSON API to the Burp Suite security tool.
doyensec/SSHNuke_info
SSH Nuke Info
doyensec/db-race-conditions-playground
Database Race Condition Playground. Made with 🧡 by Doyensec LLC.
doyensec/libajp13
AJPv1.3 Java Library
doyensec/vibecoding-djinn
doyensec/exploitable-IoT-solution
!Exploitable IoT Exploit
doyensec/csharp_rand_py
Optimized C# `Random` for security testing
doyensec/outline
The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.
doyensec/security-testbeds
doyensec/tsunami-security-scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
doyensec/tsunami-security-scanner-plugins
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
doyensec/ComfyUI-tsunami-payload
doyensec/osv-scalibr
doyensec/ruby-unsafe-deserialization
Proof of Concepts for unsafe deserialization in Ruby