Add CSP scanner, RapidSec #87

Open
wants to merge 5 commits into
base: master
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -377,6 +377,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/).
- [GitHub's CSP journey](https://githubengineering.com/githubs-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3).
- [GitHub's post-CSP journey](https://githubengineering.com/githubs-post-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3).
- [CSP bypasses, and how developers can build a strict CSP!](https://rapidsec.com/docs/csp-bypasses) - Written by [@shaialon](https://github.com/shaialon).


<a name="evasions-waf"></a>
### WAF
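Review bot: the new entry is followed by an added blank line, so two blank lines now sit before `<a name="evasions-waf"></a>` where the hunk header (6 lines before, 8 after) shows there was one; drop the extra blank line. The entry title also ends in "!" while the three neighbouring titles carry no trailing punctuation, so "CSP bypasses, and how developers can build a strict CSP" would match the list's style.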
Expand Down Expand Up @@ -590,6 +592,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [prowler](https://github.com/Alfresco/prowler) - Tool for AWS security assessment, auditing and hardening by [@Alfresco](https://github.com/Alfresco).
- [slurp](https://github.com/hehnope/slurp) - Evaluate the security of S3 buckets by [@hehnope](https://github.com/hehnope).
- [A2SV](https://github.com/hahwul/a2sv) - Auto Scanning to SSL Vulnerability by [@hahwul](https://github.com/hahwul).
- [CSP Scanner Extension](https://chrome.google.com/webstore/detail/csp-scanner-test-analyze/eoiiiomeoogcpnkdedcodoeaacpdfmdj) - Chrome extention to analyze a site's Content-Security-Policy (CSP) by [CSP Scanner](https://cspscanner.com/).

<a name="tools-command-injection"></a>
### Command Injection
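Review bot: "extention" in the added CSP Scanner line is a typo for "extension". The credit "by [CSP Scanner](https://cspscanner.com/)" links a product site, while the three context entries above it credit a GitHub handle in the form "by [@name](https://github.com/name)"; if the extension has a maintainer account, use that form for consistency.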
Expand Down Expand Up @@ -739,6 +742,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
- [Csper](https://csper.io) - A set of tools for building/evaluating/monitoring content-security-policy to prevent/detect cross site scripting by [Csper](https://csper.io).
- [RapidSec](https://rapidsec.com/) - Generate a strong Content-Security-Policy (CSP) and monitor it's logs for free by [RapidSec](https://rapidsec.com/).

<a name="tools-proxy"></a>
### Proxy
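Review bot: "monitor it's logs" in the added RapidSec line should be "monitor its logs" (possessive, no apostrophe). The phrase "for free" describes pricing rather than function, which none of the neighbouring entries do; suggest ending the description at "monitor its logs".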