242 Open source projects that are alternatives of or similar to astam-correlator

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Safari local file reader

A collection of JavaScript engine CVEs with PoCs

Potentially dangerous files

Wordpress Vulnerability Scanner

ADAPT is a tool that performs automated Penetration Testing for WebApps.

Vulnerability Recurrence:漏洞复现记录

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

A bootrom exploit for MediaTek devices

Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Security-related PHP7 OPcache abuse tools and demo

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Original Automated CVE Checking Tool

A web crawler (for bug hunting) that gathers more than you can imagine.

Awesome Writeups and POCs

Automatic SSRF fuzzer and exploitation tool

Vulnerability (CVE) scanner for Nix/NixOS.

Penetration tests guide based on OWASP including test cases, resources and examples.

Gem vulnerability checker using rubysec/ruby-advisory-db

🛡️ GitHub Action for security audits

Audit tool to find common vulnerabilities in PHP source code

PoC exploit for CVE-2016-4622

Greenbone Vulnerability Manager

Tutorials and Things to Do while Hunting Vulnerability.

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

Vulnerability Database | huntr.dev

List of real-world threats against endpoint protection software

A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.

Android application fuzzing framework with fuzzers and crash monitor.

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

CLI to integrate continuous fuzzing with Fuzzit

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Java漏洞学习笔记 Deserialization Vulnerability

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

Test a host for susceptibility to CVE-2019-19781

Advanced vulnerability scanning with Nmap NSE

burpsuite extension for check unauthorized vulnerability

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

web scanner - exploitation - information gathering

Securify v2.0

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

List of Magento extensions with known security issues.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

A Binary Ninja plugin for vulnerability research.

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

Extraction of iMessage Data via XSS

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities