This is your work, valued

Luxemburg

Dominique RIGHETTO

Elite
@righettod

🌎 righettod.eu

poc-graphql. Research on GraphQL from an AppSec point of view.

418

toolbox-pentest-web. Docker toolbox for pentest of web based application.

182

burp-piper-custom-scripts. Custom scripts for the PIPER Burp extensions.

98

log-requests-to-sqlite. BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

66

virtualhost-payload-generator. BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.

61

pst-digger. Program to analyze mails stored into a Microsoft Outlook PST file and find one based on search keywords.

60

document-upload-protection. POC in order to protect an document upload application feature against "malicious" document submission.

47

website-passive-reconnaissance. Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.

39

poc-jwt. POC about usage of JSON Web Tokens (JWT) in a secure way.

34

log4shell-analysis. Contains all my research and content produced regarding the log4shell vulnerability

31

poc-csrf. POC in order to materialize CSRF prevention concepts described in the following OWASP CSRF cheatsheet

30

access-brute-forcer. Android v7+ application to perform a dictionary brute force attack against a host.

24

powershell-android-utils. PowerShell module providing utility commands to manipulate a APK file on Windows

16

poc-authz-testing. POC in order to explore and describe a proposition for the automation of the testing of the authorization matrix.

12

tls-cert-discovery. Script to identify new host using the subjectAltName (Subject Alternate Name) extension of a x509 HTTP TLS certificate.

12

injection-cheat-sheets. Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).

10

poc-idor. POC in order to materialize IDOR prevention concepts described in the following OWASP cheatsheet

8

code-snippets-security-utils. Provides different utilities methods to apply processing from a defensive security perspective.

8

toolbox-jwt. Docker toolbox with different scripts having for the objective to perform different kinds of attacks against JWT tokens.

6

poc-llm. Research on LLM & code assistant from an AppSec point of view.

5

toolbox-codescan. Customized toolbox to perform offline scanning of a code base.

4

clipboard-stalker. Android v6+ application to monitor (stalk) the clipboard and grab the content.

4

poc-websocket. POC in order to materialize prevention concepts described in the following OWASP WebSocket cheatsheet

4

ws-probing-shell. Interactive shell in order to probe/analyze a WebSocket endpoint.

4

log4shell-payload-grabber. Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.

3

SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

3

robots-disallowed-dict-builder. Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sites

3

poc-error-handling. POC in order to find the right setup to define a global error handler in differents web based technologies

3

poc-argon2. POC in order to materialize prevention concepts described in the following OWASP cheatsheet

2

external-storage-stalker. Android v6+ application to monitor (stalk) all the external storage locations referenced into the system and list the files that can be accessed in read mode.

2

poc-argon2-php. POC in order to materialize prevention concepts described in the following OWASP cheatsheet

2

toolbox-patator. Toolbox to have a always up to date docker image of the tools named "patator".

1

pkcheck. Program brute forcing the passphrase of a private key

1

toolbox-regex. Toolbox to have a local instance of RegExr to create regex against sensitive/private content.

1

CheatSheetSeries. The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

1

HTTPSignatures. πŸ’‘Fork adding support for more signature algorithms.

1

POC-CVE-2025-54988. A PDF generator for CVE-2025-54988

1

voxxeddays-lux-2022. Demonstration videos and presentation regarding the talk given at the VOXXED LU 2022 conference.

1