228 Open source projects that are alternatives of or similar to Bad Pdf

A few SQL and XSS attack tools

Log4j Vulnerability Scanner for Windows

A vulnerability scanner for container images and filesystems

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

👨‍💻 A work-in-progress web services mass scanner written in Rust

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

An implementation of the waithax / slowhax 3DS Kernel11 exploit.

Auto Scanning to SSL Vulnerability

My fuzzing corpus

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

XSS in pastebin.com and reddit.com via unsanitized markdown output

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

(deprecated) Android application vulnerability analysis and Android pentest tool

A laboratory for learning secure web and mobile development in a practical manner.

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

🔪Browser logic vulnerabilities ☠️

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

IoT 固件漏洞复现环境

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Vulners Python API wrapper

Go Web Application Penetration Test

Designed to scan and exploit vulnerabilities within Tor hidden services. TORhunter allows most tools to work as normal while resolving .onion

The hackers tool belt

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

hacker, ready for more of our story ! 🚀

Apache Shiro 反序列化漏洞检测与利用工具

ES File Explorer Open Port Vulnerability - CVE-2019-6447

(Deprecated) Submit all images in your Kubernetes cluster to Anchore for a vulnerability check and check your configuration with kubeaudit

0day安全_软件漏洞分析技术

🕵️‍♀️ Mondoo Cloud-Native Security & Vulnerability Risk Management

OPCDE Cybersecurity Conference Materials

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Use the docker to build a vulnerability environment

Real world and CTFs exploiting web/binary POCs.

A DNS rebinding attack framework.

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

SQL Injection Payload List

hack tools

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Simple DNS Rebinding Service

Misc. Public Reports of Penetration Testing and Security Audits.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Understanding Linux Kernel Vulnerability

Proofs-of-concept

Android Kernel Exploitation

🎯 Command Injection Payload List

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Apache Solr Injection Research

Joint Advanced Defect assEsment for android applications