Top 229 vulnerability open source projects

Vulners Python API wrapper

Android Kernel Exploitation

Joint Advanced Defect assEsment for android applications

Go Web Application Penetration Test

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

(deprecated) Android application vulnerability analysis and Android pentest tool

Apache Shiro 反序列化漏洞检测与利用工具

Source code for Hacker101.com - a free online web and mobile security class.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

A few SQL and XSS attack tools

(Deprecated) Submit all images in your Kubernetes cluster to Anchore for a vulnerability check and check your configuration with kubeaudit

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

🕵️‍♀️ Mondoo Cloud-Native Security & Vulnerability Risk Management

An implementation of the waithax / slowhax 3DS Kernel11 exploit.

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

Real world and CTFs exploiting web/binary POCs.

Log4j Vulnerability Scanner for Windows

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

SQL Injection Payload List

My fuzzing corpus

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

Misc. Public Reports of Penetration Testing and Security Audits.

👨‍💻 A work-in-progress web services mass scanner written in Rust

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Understanding Linux Kernel Vulnerability

XSS in pastebin.com and reddit.com via unsanitized markdown output

Designed to scan and exploit vulnerabilities within Tor hidden services. TORhunter allows most tools to work as normal while resolving .onion

Powerful dork searcher and vulnerability scanner for windows platform

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

Common Web Managers Fuzz Wordlists

My exploitDB.

Advanced Web Browser Fingerprinting

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Python SDK to access the vulnerability database

Vulnerability assessment and penetration testing automation and reporting platform for teams.

SmartBugs: A Framework to Analyze Solidity Smart Contracts

IoT固件漏洞挖掘工具

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

漏洞研究

No description or website provided.

Juniper Junos Space (CVE-2020-1611) (PoC)

Extensible framework for analyzing publicly available information about vulnerabilities

Kubernetes security and vulnerability tools and utilities.

Loss modelling framework.

Guest to host VM escape exploit for Parallels Desktop

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Python toolbox to evaluate graph vulnerability and robustness (CIKM 2021)

#INFILTRATE20 raptor's party pack

Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images