343 Open source projects that are alternatives of or similar to cwe-tool

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

cve-search - a tool to perform local searches for known vulnerabilities

PatrowlHears - Vulnerability Intelligence Center / Exploits

Multi source CVE/exploit parser.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Hourly updated database of exploit and exploitation reports

Integrates Dependency-Check reports into SonarQube

This tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.

Vulnerability (CVE) scanner for Nix/NixOS.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

CVE Alerting Platform

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

快速搭建各种漏洞环境(Various vulnerability environment)

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

Awesome Node.js Security resources

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Audit tool to find common vulnerabilities in PHP source code

OWASP Cloud Security - Enabling conversations through threat and control stories

The OWASP ZAP core project

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Automated Security Testing For REST API's

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

Learning Penetration Testing of Android Applications

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

An open source, online threat modelling tool from OWASP

Desktop variant of OWASP Threat Dragon

In-depth Attack Surface Mapping and Asset Discovery

nodejs + express security and performance boilerplate.

Automated Penetration Testing Framework

The DevSecOps toolset for REST APIs

Sqreen's Application Security Management for the Go language

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Ready to use images of Zap and Glue, especially for CI integration.

Extraction of iMessage Data via XSS

The Secure Coding Dojo is a platform for delivering secure coding training.

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

OWASP Threat Dragon core files

OWASP Joomla Vulnerability Scanner Project

OWASP WEB Directory Scanner

In-depth Attack Surface Mapping and Asset Discovery

CSRF Protector library: standalone library for CSRF mitigation

A collection of hacking / penetration testing resources to make you better!

Vulnerability Patterns Detector for C# and VB.NET

OWASP Web Application Security Testing Checklist

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development