304 Open source projects that are alternatives of or similar to Js Vuln Db

Wordpress Vulnerability Scanner

Here you can get full exploit for SAP NetWeaver AS JAVA

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

List of Magento extensions with known security issues.

The PHP Security Checker

Potentially dangerous files

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Asynchronous Python implementation of SlowLoris DoS attack

Automatic SSRF fuzzer and exploitation tool

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

web scanner - exploitation - information gathering

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

A bootrom exploit for MediaTek devices

Steal Net-NTLM Hash using Bad-PDF

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Unofficial api for cve.mitre.org

Penetration tests guide based on OWASP including test cases, resources and examples.

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Resources for Windows exploit development

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

cve-search - a tool to perform local searches for known vulnerabilities

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Greenbone Vulnerability Manager

Safari local file reader

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

PatrowlHears - Vulnerability Intelligence Center / Exploits

🎯 Command Injection Payload List

A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.

A DNS rebinding attack framework.

PoC exploit for CVE-2016-4622

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

Reverse Shell as a Service

A laboratory for learning secure web and mobile development in a practical manner.

OPCDE Cybersecurity Conference Materials

The clever vulnerability dependency finder

Auto Scanning to SSL Vulnerability

Source code for Hacker101.com - a free online web and mobile security class.

A collection of curated Java Deserialization Exploits

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

hack tools

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

A social experiment

Proofs-of-concept

Apache Solr Injection Research

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

CVE-2018-8120 Windows LPE exploit

The hackers tool belt