AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Api FuzzerAPI Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
KillshotA Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
FuzzitCLI to integrate continuous fuzzing with Fuzzit
ExphubExphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
PubVulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
GemsuranceGem vulnerability checker using rubysec/ruby-advisory-db
VulnfanaticA Binary Ninja plugin for vulnerability research.
PapersSlowMist Vulnerability Research Advisories
HowtohuntTutorials and Things to Do while Hunting Vulnerability.
DvhmaDamn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
AvpwnList of real-world threats against endpoint protection software
AdaptADAPT is a tool that performs automated Penetration Testing for WebApps.
GodnslogAn exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Js Vuln DbA collection of JavaScript engine CVEs with PoCs
VulscanAdvanced vulnerability scanning with Nmap NSE
VulnixVulnerability (CVE) scanner for Nix/NixOS.
Zeebsploitweb scanner - exploitation - information gathering
Burp Retire JsBurp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
MagevulndbList of Magento extensions with known security issues.
PhpvulnAudit tool to find common vulnerabilities in PHP source code
MyriamA vulnerable iOS App with Security Challenges for the Security Researcher inside you.
GvmdGreenbone Vulnerability Manager
LinuxflawThis repo records all the vulnerabilities of linux software I have reproduced in my local workspace
WpreconWPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.
HuntrVulnerability Database | huntr.dev
Spectre Meltdown PocA semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities
FortiscanA high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.
XvwaXVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.
ArissploitArissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
DockleContainer Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
VulrecVulnerability Recurrence:漏洞复现记录
AnsvifA Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Nonce DisrespectNonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
SsrfmapAutomatic SSRF fuzzer and exploitation tool
AmonetA bootrom exploit for MediaTek devices
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
H4ckerThis repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Trackray溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
JscpwnPoC exploit for CVE-2016-4622
RvdRobot Vulnerability Database. An archive of robot vulnerabilities and bugs.
Ble Security Attack Defence✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
ThoronThoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.