Enterprise-grade WebSocket security scanner with Smart Payload Evolution, real-time MitM interceptor, and 22 integrated web pentesting tools. Built for penetration testers, bug bounty hunters, and red teams.
AST-based Python deserialization/RCE scanner (pickle.load/loads, torch.load). Resolves aliases & deep call chains, outputs JSONL findings with severity/category, and supports custom rules for fast repo triage.
Command Injection / Remote Code Execution (RCE) via Insecure Deserialization in _load_ccd_pickle_cached() of chemical_components.py in AlphaFold 3 (v3.0.1) - (github.com/google-deepmind/alphafold3)
Command Injection / Remote Code Execution (RCE) via Insecure Deserialization in decode() of json_conversion.py in PyGlove v0.4.5 - (github.com/google/pyglove)
Command Injection / Remote Code Execution (RCE) via Insecure Deserialization in load() of predictor.py in Vertex AI SDK v1.121.0 - (github.com/googleapis/python-aiplatform)
This is a project involving setting up a penetration testing environment using Kali Linux and Metasploitable2 to practice and exploit common vulnerabilities such as SQL Injection, Command Injection, and Cross-Site Scripting (XSS). Tools used include Nmap, BurpSuite, and SQLmap.