Top 229 vulnerability open source projects

Android application fuzzing framework with fuzzers and crash monitor.

Awesome Writeups and POCs

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

Security-related PHP7 OPcache abuse tools and demo

CLI to integrate continuous fuzzing with Fuzzit

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

Gem vulnerability checker using rubysec/ruby-advisory-db

A Binary Ninja plugin for vulnerability research.

SlowMist Vulnerability Research Advisories

Tutorials and Things to Do while Hunting Vulnerability.

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

List of real-world threats against endpoint protection software

ADAPT is a tool that performs automated Penetration Testing for WebApps.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Original Automated CVE Checking Tool

Java漏洞学习笔记 Deserialization Vulnerability

A collection of JavaScript engine CVEs with PoCs

Advanced vulnerability scanning with Nmap NSE

Vulnerability (CVE) scanner for Nix/NixOS.

web scanner - exploitation - information gathering

Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.

List of Magento extensions with known security issues.

Audit tool to find common vulnerabilities in PHP source code

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

🔥 An Exploit framework for Web Vulnerabilities written in Python

Greenbone Vulnerability Manager

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Wordpress Vulnerability Scanner

Vulnerability Database | huntr.dev

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.

Safari local file reader

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Vulnerability Recurrence:漏洞复现记录

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

A web crawler (for bug hunting) that gathers more than you can imagine.

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Potentially dangerous files

Test a host for susceptibility to CVE-2019-19781

Automatic SSRF fuzzer and exploitation tool

burpsuite extension for check unauthorized vulnerability

A bootrom exploit for MediaTek devices

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

Penetration tests guide based on OWASP including test cases, resources and examples.

Securify v2.0

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

🛡️ GitHub Action for security audits

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

PoC exploit for CVE-2016-4622

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Reverse Shell as a Service

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.