Top 229 vulnerability open source projects

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

A collection of electronic hacker magazines carefully curated over the years from multiple sources

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

A curated list of awesome baseband research resources

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Here you can get full exploit for SAP NetWeaver AS JAVA

Penetration Testing Platform

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Create actionable data from your Vulnerability Scans

It's a simple tool for test vulnerability shellshock

Asynchronous Python implementation of SlowLoris DoS attack

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Vulnerability Labs for security analysis

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Exploiting Edge's read:// urlhandler

Poc Collected for study and develop

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

SQL Vulnerability Scanner

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

Vulnerability Dashboard

The Correlated CVE Vulnerability And Threat Intelligence Database API

Steal Net-NTLM Hash using Bad-PDF

🎯 Command Injection Payload List

A DNS rebinding attack framework.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

ES File Explorer Open Port Vulnerability - CVE-2019-6447

🔪Browser logic vulnerabilities ☠️

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A laboratory for learning secure web and mobile development in a practical manner.

OPCDE Cybersecurity Conference Materials

Auto Scanning to SSL Vulnerability

hack tools

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Proofs-of-concept

Apache Solr Injection Research

The hackers tool belt

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

hacker, ready for more of our story ! 🚀

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

0day安全_软件漏洞分析技术

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Use the docker to build a vulnerability environment

A vulnerability scanner for container images and filesystems

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

IoT 固件漏洞复现环境

Simple DNS Rebinding Service

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research