523 Open source projects that are alternatives of or similar to Awsome Security Write Ups And Pocs

🔥 An Exploit framework for Web Vulnerabilities written in Python

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Find exploits in local and online databases instantly

🦄🔒 Awesome list of secrets in environment variables 🖥️

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

CloudFlare Checker written in Go

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

SQL Injection Payload List

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Open Redirect scanner - (out of date)

Community curated list of public bug bounty and responsible disclosure programs.

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Here you can get full exploit for SAP NetWeaver AS JAVA

My fuzzing corpus

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

No description or website provided.

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

List of real-world threats against endpoint protection software

RFD Checker - security CLI tool to test Reflected File Download issues

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

👨‍💻 A work-in-progress web services mass scanner written in Rust

The Swiss Army knife for automated Web Application Testing

JAVA 漏洞靶场 (Vulnerability Environment For Java)

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Asynchronous Python implementation of SlowLoris DoS attack

Understanding Linux Kernel Vulnerability

Vulnerability Database | huntr.dev

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Reconness Agents Script

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Pentesting/Bugbounty Dockerfiles.

This challenge is Inon Shkedy's 31 days API Security Tips.

No description or website provided.

Automated NoSQL database enumeration and web application exploitation tool.

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Powerful dork searcher and vulnerability scanner for windows platform

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Common Web Managers Fuzz Wordlists

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

My exploitDB.

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Scans a list of websites for Cloudfront or S3 Buckets

Use the docker to build a vulnerability environment

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Security-related PHP7 OPcache abuse tools and demo

CLI to integrate continuous fuzzing with Fuzzit

Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.