228 Open source projects that are alternatives of or similar to cumulus

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Phantom eye——A passive business logic vulnerability auditing tool

Web application that allows to load a Trivy report in json format and displays the vulnerabilities of a single target in an interactive data table.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

Proof of concept of VMSA-2017-0012

SlowMist Vulnerability Research Advisories

CVE-2020-11651: Proof of Concept

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

CVE-2021-43798:Grafana 任意文件读取漏洞

Ruby library for interacting with Bugcrowd's VRT

Some of my public exploits

Extraction of iMessage Data via XSS

Current home of rubysec.com

Awesome Writeups and POCs

A static binary vulnerability scanner

Security-related PHP7 OPcache abuse tools and demo

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

Gem vulnerability checker using rubysec/ruby-advisory-db

汽车/安卓/固件/代码安全测试工具集

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

Tutorials and Things to Do while Hunting Vulnerability.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

一些漏洞分析

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

Unsigned code loader for Exynos BootROM

rsGen is a Reverse Shell Payload Generator for hacking.

My solutions to the 2020 NSA Codebreaker Challenge

GitHub Action to run `npm audit`

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

Adobe Experience Manager Vulnerability Scanner

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

REST API backend for Reconmap

Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

A collection of my public security advisories.

Android application fuzzing framework with fuzzers and crash monitor.

Traditional Mitigation in GCC to defend Memory Corruption Vulnerability

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

CLI to integrate continuous fuzzing with Fuzzit

PHP - Automatically add an "index.php" in all directories recursively

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

A Binary Ninja plugin for vulnerability research.

Tenable.io SDK offers a scalable and safe way to integrate with the Tenable.io platform.

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

This is a complete project series on implementing hacking tools available in Kali Linux into python.

A collection of my quick and dirty scripts for vulnerability POC and detections

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)

DoS PoC's for SAP products