304 Open source projects that are alternatives of or similar to Linuxflaw

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

🛡️ GitHub Action for security audits

Writeup of CVE-2020-15906

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

A collection of curated Java Deserialization Exploits

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

SQL Vulnerability Scanner

Vulnerability Database | huntr.dev

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

Reverse Shell as a Service

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Steal Net-NTLM Hash using Bad-PDF

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Resources for Windows exploit development

OSINT tool - gets data from services like shodan, censys etc. in one app

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Apache Solr Injection Research

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

A laboratory for learning secure web and mobile development in a practical manner.

Automatic SSRF fuzzer and exploitation tool

CVE-2018-8120 Windows LPE exploit

The hackers tool belt

Auto Scanning to SSL Vulnerability

hack tools

Test a host for susceptibility to CVE-2019-19781

Proofs-of-concept

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Safari local file reader

A curated list of awesome baseband research resources

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

hacker, ready for more of our story ! 🚀

burpsuite extension for check unauthorized vulnerability

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

0day安全_软件漏洞分析技术

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

CVE Alerting Platform

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

A bootrom exploit for MediaTek devices

Here you can get full exploit for SAP NetWeaver AS JAVA

Use the docker to build a vulnerability environment

A vulnerability scanner for container images and filesystems

Penetration Testing Platform

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Tracking CVEs for the linux Kernel

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

WebMap-Nmap Web Dashboard and Reporting

IoT 固件漏洞复现环境

Create actionable data from your Vulnerability Scans