This project provides a CLI for offensive and defensive security assessments of schemas written with the Joi validator library. The goal is to ensure that a given Joi validation schema can resist known security attacks such as SQL injection, path traversal, and SSRF attempts.

To get started, install the latest joi-security CLI tool using npm: npm install -g joi-security. Create a sample JavaScript file containing the Joi schema for login validation and scan the file using the joi-security scan command.

The joi-security CLI includes a wide range of attacks, such as XSS, SQL injection, NoSQL injection, RCE, LFI, overflow, SSRF, suspicious IP addresses, and homograph attacks on domains and email addresses.
SIMILAR TOOLS
A collection of scripts for Turbo Intruder, a penetration testing tool.
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
Adversary emulation framework for testing security measures in network environments.
A tool for automated security scanning of web applications and manual penetration testing.
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600 tools and utilities for red and blue team operations.
A cheat sheet providing examples of creating reverse shells for penetration testing.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
A C2 profile generator for Cobalt Strike designed to enhance evasion.