
lirantal / Is Website Vulnerable

Licence: apache-2.0
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries


is-website-vulnerable


[Screenshot: the is-website-vulnerable npm module detecting security vulnerabilities in websites, based on the Snyk database]

Many thanks to for supporting open source security

About

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

Usage

Command line

Using Node.js's npx to run a one-off scan of a website:

npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]

The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:

$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: › https://example.com
...

Exit codes

If the CLI detects an error, it will terminate with an exit code different from 0.

Exit Code 0: Everything is fine. No vulnerabilities found.

Exit Code 1: An error happened during the execution. Check the logs for details.

Exit Code 2: Vulnerabilities were found. Check the logs for details.
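
A CI wrapper built on the exit codes listed above, as an added example that is not part of the project's own code: it keeps a failed scan (exit 1) distinct from both a clean result and real findings (exit 2). The SCANNER variable, the function names and the default report path are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: gate a CI job on is-website-vulnerable's documented exit codes.
# SCANNER is an assumption of this example: the command that launches the CLI,
# overridable so the wrapper can be exercised without network access.
SCANNER="${SCANNER:-npx is-website-vulnerable}"

# classify_exit CODE -> prints clean | scan-error | vulnerable | unknown
classify_exit() {
  case "$1" in
    0) echo "clean" ;;        # Exit Code 0: no vulnerabilities found
    1) echo "scan-error" ;;   # Exit Code 1: the scan itself failed
    2) echo "vulnerable" ;;   # Exit Code 2: vulnerabilities were found
    *) echo "unknown" ;;      # anything else (e.g. 127: command not found)
  esac
}

# scan_site URL [REPORT_FILE]
# Runs the scanner with --json, saves its stdout as-is, prints the verdict.
# Returns 0 only for a clean scan, 2 for findings and 1 for everything else,
# so a scan that errored out never passes as "no vulnerabilities".
scan_site() {
  local url="$1" report="${2:-scan-report.json}" code=0 verdict
  # `|| code=$?` records the status without aborting a script under `set -e`,
  # which would otherwise exit here before the code could be inspected.
  $SCANNER "$url" --json > "$report" || code=$?
  verdict="$(classify_exit "$code")"
  echo "$verdict"
  case "$verdict" in
    clean)      return 0 ;;
    vulnerable) return 2 ;;
    *)          return 1 ;;
  esac
}

# Usage in a pipeline step:
#   scan_site "https://example.com" report.json
```
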

Docker

To build and run the container locally:

# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git

# Change to repo's cloned directory:
cd is-website-vulnerable

# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .

# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest

SCAN_URL is an environment variable; replace its value with the URL you want to scan when running the container. The container exits once the scan has completed.

If you wish to provide command line arguments to is-website-vulnerable and customize the run, such as providing --json or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:

docker run --rm lirantal/is-website-vulnerable:latest https://www.google.com --json

⚠️ A modern version of Chrome is assumed to be available when using is-website-vulnerable. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.

GitHub Action

Create .github/workflows/is-website-vulnerable.yml with the URL that you want scanned:

name: Test site for publicly known js vulnerabilities

on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Test for public javascript library vulnerabilities 
        uses: lirantal/is-website-vulnerable@master
        with:
          scan-url: "https://yoursite.com"

Install

You can install globally via:

npm install -g is-website-vulnerable

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Author

is-website-vulnerable © Liran Tal, Released under the Apache-2.0 License.
