Top 105 cve open source projects

✍️ A curated list of CVE PoCs.

This tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.

鹿不在侧，鲸不予游🐋

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Original Automated CVE Checking Tool

A collection of JavaScript engine CVEs with PoCs

Vulnerability (CVE) scanner for Nix/NixOS.

Containing Self Made Perl Reproducers / PoC Codes

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

cve-search - a tool to perform local searches for known vulnerabilities

OSINT tool - gets data from services like shodan, censys etc. in one app

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

PatrowlHears - Vulnerability Intelligence Center / Exploits

The clever vulnerability dependency finder

A social experiment

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

The PHP Security Checker

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

Vulnerability Labs for security analysis

Writeup of CVE-2020-15906

Unofficial api for cve.mitre.org

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

Exploiting Edge's read:// urlhandler

Poc Collected for study and develop

The Correlated CVE Vulnerability And Threat Intelligence Database API

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Resources for Windows exploit development

ES File Explorer Open Port Vulnerability - CVE-2019-6447

🔪Browser logic vulnerabilities ☠️

A collection of curated Java Deserialization Exploits

CVE-2018-8120 Windows LPE exploit

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

CVE Alerting Platform

Tracking CVEs for the linux Kernel

WebMap-Nmap Web Dashboard and Reporting

快速搭建各种漏洞环境(Various vulnerability environment)

BootStomp: a bootloader vulnerability finder

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

A PHP version scanner for reporting possible vulnerabilities

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚