Pinned Repositories
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
csp-auditor
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate a template CSP configuration from crawling a website
dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
bandlogos
BandLogos is a simple application that generates a banner of logos based on your last.fm statistics. At its peak, it had over 100k users.
burp-retire-js
Burp/ZAP/Maven extension that integrates the Retire.js repository to find vulnerable JavaScript libraries.
find-sec-bugs
The FindBugs plugin for security audits of Java web applications and Android applications. (Also works with Scala and Groovy projects)
http-script-generator
ZAP/Burp plugin that generates a script to reproduce a specific HTTP request (intended for fuzzing or scripted attacks)
rhinauditor
Static analyzer for JavaScript that looks for security bugs. (ZAP/Burp plugin)
rtmfp-api
Provides an easy API for RTMFP capabilities from Flash for JavaScript applications.
waf-workshop
h3xstream's Repositories
h3xstream/http-script-generator
ZAP/Burp plugin that generates a script to reproduce a specific HTTP request (intended for fuzzing or scripted attacks)
h3xstream/burp-retire-js
Burp/ZAP/Maven extension that integrates the Retire.js repository to find vulnerable JavaScript libraries.
h3xstream/find-sec-bugs
The FindBugs plugin for security audits of Java web applications and Android applications. (Also works with Scala and Groovy projects)
h3xstream/waf-workshop
h3xstream/bandlogos
BandLogos is a simple application that generates a banner of logos based on your last.fm statistics. At its peak, it had over 100k users.
h3xstream/burp-image-metadata
Burp and ZAP plugin that displays image metadata (JPEG Exif or PNG text chunk).
h3xstream/java-vulnerable-webapp
Intentionally vulnerable application 💥
h3xstream/burp-pdf-viewer
PDF preview in Burp Suite
h3xstream/confoo-first-chrome-ext
Content related to my Confoo talk on Chrome extension development
h3xstream/CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
h3xstream/firefox-ledgerize
A small Firefox addon to convert online bank statements to copy-pasteable Ledger CLI entries.
h3xstream/fsb-test-1
h3xstream/fsb-test-2
h3xstream/PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
h3xstream/presentations
Material from presentations done by GoSecure researchers
h3xstream/request-smuggling-workshop
h3xstream/sarif-samples
h3xstream/slides-2022
h3xstream/spotbugs
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
h3xstream/spotbugs-intellij-plugin
The SpotBugs Plugin for IntelliJ IDEA
h3xstream/spotbugs-maven-plugin
Maven Mojo Plug-In to generate reports based on the SpotBugs Analyzer
h3xstream/template-injection-workshop
Workshop on Template Injection (6 exercises) covering the Twig, Jinja2, Tornado, Velocity and FreeMarker engines.
h3xstream/test-extension
Chrome extension testing
h3xstream/WebGoat
WebGoat is a deliberately insecure application
h3xstream/WebGoat-gh-action-slscan
h3xstream/WebGoat-gh-action-test
h3xstream/WebGoat-Legacy
Legacy WebGoat 6.0 - Deliberately insecure JavaEE application
h3xstream/WebGoat-Lessons-Sandbox
h3xstream/Wire3D
3D engine for Wii and PC (C++)
h3xstream/xxe-workshop
Workshop given at Hack in Paris 2019