All Categories → Security → vulnerability

Top 229 vulnerability open source projects

Droid Application Fuzz Framework
Android application fuzzing framework with fuzzers and crash monitor.
Ary
Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Api Fuzzer
API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
Killshot
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Php7 Opcache Override
Security-related PHP7 OPcache abuse tools and demo
Fuzzit
CLI to integrate continuous fuzzing with Fuzzit
Exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
Pub
Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Gemsurance
Gem vulnerability checker using rubysec/ruby-advisory-db
Vulnfanatic
A Binary Ninja plugin for vulnerability research.
Papers
SlowMist Vulnerability Research Advisories
Howtohunt
Tutorials and Things to Do while Hunting Vulnerability.
Dvhma
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
Avpwn
List of real-world threats against endpoint protection software
Adapt
ADAPT is a tool that performs automated Penetration Testing for WebApps.
Godnslog
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Cve Check Tool
Original Automated CVE Checking Tool
Javalearnvulnerability
Java漏洞学习笔记 Deserialization Vulnerability
Js Vuln Db
A collection of JavaScript engine CVEs with PoCs
Vulnix
Vulnerability (CVE) scanner for Nix/NixOS.
Burp Retire Js
Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
Magevulndb
List of Magento extensions with known security issues.
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Myriam
A vulnerable iOS App with Security Challenges for the Security Researcher inside you.
Exploit Framework
🔥 An Exploit framework for Web Vulnerabilities written in Python
Linuxflaw
This repo records all the vulnerabilities of linux software I have reproduced in my local workspace
Wprecon
WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.
Spectre Meltdown Poc
A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities
Fortiscan
A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.
Safiler
Safari local file reader
Xvwa
XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Vulrec
Vulnerability Recurrence:漏洞复现记录
Ansvif
A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Not Your Average Web Crawler
A web crawler (for bug hunting) that gathers more than you can imagine.
Nonce Disrespect
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
Fuzz.txt
Potentially dangerous files
Check Cve 2019 19781
Test a host for susceptibility to CVE-2019-19781
Ssrfmap
Automatic SSRF fuzzer and exploitation tool
Burp Unauth Checker
burpsuite extension for check unauthorized vulnerability
Amonet
A bootrom exploit for MediaTek devices
Django cve 2019 19844 poc
PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Docx Embeddedhtml Injection
Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.
H4cker
This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Audit Check
🛡️ GitHub Action for security audits
Trackray
溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
Jscpwn
PoC exploit for CVE-2016-4622
Rvd
Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
Ble Security Attack Defence
✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
Thoron
Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
1-60 of 229 vulnerability projects