In Spectre Meltdown: This tool checks for speculative execution side-channel attacks that affect many modern processors and operating system designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allow unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs, enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
Mrspicky: MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.
Vulstudy: Quickly set up a range of vulnerable practice environments with Docker; 17 environments can currently be deployed with one click.
Cve 2018 20555: Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555
Unjailme: A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)
Hacker ezines: A collection of electronic hacker magazines carefully curated over the years from multiple sources
Ossf Cve Benchmark: The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.
Vulnerability Data Archive: With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools
Attack Surface Detector Burp: The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Sap exploit: Here you can get full exploit for SAP NetWeaver AS JAVA
Fuxi: Penetration Testing Platform
Bitp0wn: Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.
Vulnwhisperer: Create actionable data from your Vulnerability Scans
Slowloris: Asynchronous Python implementation of SlowLoris DoS attack
Openvas Scanner: Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Nugetdefense: An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.
Vulnx: vulnx 🕷️ is an intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS { wordpress, joomla, drupal, prestashop .. }
Labs: Vulnerability Labs for security analysis
Blackwidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
V3n0m Scanner: Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Whour: Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
Vfeed: The Correlated CVE Vulnerability And Threat Intelligence Database API
Bad Pdf: Steal Net-NTLM Hash using Bad-PDF
Herpaderping: Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Uxss Db: 🔪Browser logic vulnerabilities ☠️
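Xray: A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use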
Damn Vulnerable Graphql Application: Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Payloadsallthethings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Secdevlabs: A laboratory for learning secure web and mobile development in a practical manner.
Opcde: OPCDE Cybersecurity Conference Materials
A2sv: Auto Scanning to SSL Vulnerability
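Vulscan: vulscan scanning system: scanning with the latest PoC & exp vulnerabilities, Redis unauthorized access, sensitive files, Java deserialization, Tomcat command execution and various unauthorized-access scans, etc...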
Ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Hacking: hacker, ready for more of our story! 🚀
Hardware And Firmware Security Guidance: Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber
A Red Teamer Diaries: RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Grype: A vulnerability scanner for container images and filesystems
Javadeserh2hc: Sample code written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Rbndr: Simple DNS Rebinding Service
Iblessing: iblessing is an iOS security exploiting toolkit; it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
Fidl: A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research