ApiVulners Python API wrapper
JaadasJoint Advanced Defect assEsment for android applications
GowaptGo Web Application Penetration Test
VbscanOWASP VBScan is a Black Box vBulletin Vulnerability Scanner
Vulnerable NodeA very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Droid Hunter(deprecated) Android application vulnerability analysis and Android pentest tool
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
SQL-XSSA few SQL and XSS attack tools
klustair(Deprecated) Submit all images in your Kubernetes cluster to Anchore for a vulnerability check and check your configuration with kubeaudit
XSS-CheatsheetXSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
mondoo🕵️♀️ Mondoo Cloud-Native Security & Vulnerability Risk Management
waithaxAn implementation of the waithax / slowhax 3DS Kernel11 exploit.
NSE-scriptsNSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
xsymlinkXbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.
ExploitsReal world and CTFs exploiting web/binary POCs.
Chimay-Red-tinyThis is a minified exploit for mikrotik routers. It does not require any aditional modules to run.
Detect-CVE-2017-15361-TPMDetects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber
log4shell-finderFastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
lachesis👨💻 A work-in-progress web services mass scanner written in Rust
CVE-2021-33766ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
SecExampleJAVA 漏洞靶场 (Vulnerability Environment For Java)
TORhunterDesigned to scan and exploit vulnerabilities within Tor hidden services. TORhunter allows most tools to work as normal while resolving .onion
attack-surface-detector-zapThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
python-sdkPython SDK to access the vulnerability database
reconmapVulnerability assessment and penetration testing automation and reporting platform for teams.
smartbugsSmartBugs: A Framework to Analyze Solidity Smart Contracts
vulnerablecodeA free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
CVE-2021-31728vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.
hacking-resourcesHacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
awesome-log4shellAn Awesome List of Log4Shell resources to help you stay informed and secure! 🔒
vulristicsExtensible framework for analyzing publicly available information about vulnerabilities
hackKubernetes security and vulnerability tools and utilities.
PwnX.py🏴☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
TIGERPython toolbox to evaluate graph vulnerability and robustness (CIKM 2021)
scan-cli-pluginDocker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images