443 Open source projects that are alternatives of or similar to Hardware And Firmware Security Guidance

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Poc Collected for study and develop

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

The Correlated CVE Vulnerability And Threat Intelligence Database API

一些漏洞分析

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Original Automated CVE Checking Tool

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Vulnerability Labs for security analysis

Extensible framework for analyzing publicly available information about vulnerabilities

REST API backend for Reconmap

Audit tool to find common vulnerabilities in PHP source code

Extraction of iMessage Data via XSS

🔪Browser logic vulnerabilities ☠️

Vulnerability (CVE) scanner for Nix/NixOS.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

🛡️ GitHub Action for security audits

A collection of JavaScript engine CVEs with PoCs

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

A collection of my public security advisories.

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

漏洞研究

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Exploiting Edge's read:// urlhandler

汽车/安卓/固件/代码安全测试工具集

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Log4j Vulnerability Scanner for Windows

Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

A vulnerability scanner for container images and filesystems

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Web Application Security Scanner Framework

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

SIP-Based Audit and Attack Tool

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Your performance & security consultant, an artisan command away.

The popular NoScript Security Suite browser extension.

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

(deprecated) Android application vulnerability analysis and Android pentest tool

Apache Shiro 反序列化漏洞检测与利用工具

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

A PHP version scanner for reporting possible vulnerabilities

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Vulners Python API wrapper

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

Certified Smart Contract Audits (Ethereum, Hyperledger, xDAI, Huobi ECO Chain, Binance Smart Chain, Fantom, EOS, Tezos) by Chainsulting

Android Kernel Exploitation

A few SQL and XSS attack tools

(Deprecated) Submit all images in your Kubernetes cluster to Anchore for a vulnerability check and check your configuration with kubeaudit

Idiomatic nmap library for go developers

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Tracking CVEs for the linux Kernel