228 Open source projects that are alternatives of or similar to Bad Pdf

The hackers tool belt

Vulnerability assessment and penetration testing automation and reporting platform for teams.

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

IoT固件漏洞挖掘工具

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

hacker, ready for more of our story ! 🚀

漏洞研究

Apache Shiro 反序列化漏洞检测与利用工具

Juniper Junos Space (CVE-2020-1611) (PoC)

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Kubernetes security and vulnerability tools and utilities.

(Deprecated) Submit all images in your Kubernetes cluster to Anchore for a vulnerability check and check your configuration with kubeaudit

Guest to host VM escape exploit for Parallels Desktop

0day安全_软件漏洞分析技术

Python toolbox to evaluate graph vulnerability and robustness (CIKM 2021)

🕵️‍♀️ Mondoo Cloud-Native Security & Vulnerability Risk Management

Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images

OPCDE Cybersecurity Conference Materials

Cumulus is web application weakness monitoring, it would be working by add just 3 codelines

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

A collection of my public security advisories.

Use the docker to build a vulnerability environment

My solutions to the 2020 NSA Codebreaker Challenge

Real world and CTFs exploiting web/binary POCs.

PHP - Automatically add an "index.php" in all directories recursively

A DNS rebinding attack framework.

一些漏洞分析

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

SQL Injection Payload List

Tenable.io SDK offers a scalable and safe way to integrate with the Tenable.io platform.

hack tools

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Unsigned code loader for Exynos BootROM

Simple DNS Rebinding Service

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

Misc. Public Reports of Penetration Testing and Security Audits.

REST API backend for Reconmap

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Traditional Mitigation in GCC to defend Memory Corruption Vulnerability

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

Understanding Linux Kernel Vulnerability

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

Proofs-of-concept

Designed to scan and exploit vulnerabilities within Tor hidden services. TORhunter allows most tools to work as normal while resolving .onion

🎯 Command Injection Payload List

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Apache Solr Injection Research

Joint Advanced Defect assEsment for android applications

Common Web Managers Fuzz Wordlists