336 Open source projects that are alternatives of or similar to Gvmd

XSSCon: Simple XSS Scanner tool

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

Penetration tests guide based on OWASP including test cases, resources and examples.

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Discover Your Attack Surface!

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Automated Penetration Testing Framework

🛡️ GitHub Action for security audits

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Wordpress Vulnerability Scanner

Poc Collected for study and develop

PoC exploit for CVE-2016-4622

ms17_010的批量扫描工具

Vulnerability Recurrence:漏洞复现记录

Reverse Shell as a Service

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

A curated list of vulnerable web applications.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Find secrets and passwords in container images and file systems

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Advanced dork Search & Mass Exploit Scanner

MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.

Open-Source Security Architecture | 开源安全架构

SD-WAN security and insecurity

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

A web crawler (for bug hunting) that gathers more than you can imagine.

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

Steal Net-NTLM Hash using Bad-PDF

Advanced reconnaissance utility

Python2编写的struts2漏洞全版本检测和利用工具

Docker containers vulnerability scan

🎯 Command Injection Payload List

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Python3编写的CMS漏洞检测框架

OWASP Joomla Vulnerability Scanner Project

A note-taking macOS app for penetration-testers.

A DNS rebinding attack framework.

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Easy automated vulnerability scanning, reporting and analysis

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

Robber is open source tool for finding executables prone to DLL hijacking

Fast CORS misconfiguration vulnerabilities scanner🍻

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Burp被动扫描流量转发插件

ES File Explorer Open Port Vulnerability - CVE-2019-6447

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

🔪Browser logic vulnerabilities ☠️

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

PHP malware detector