173 Open source projects that are alternatives of or similar to Nist Data Mirror

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A simple Java command-line utility to mirror the entire contents of VulnDB.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Poc Collected for study and develop

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Resources for Windows exploit development

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

The clever vulnerability dependency finder

The Correlated CVE Vulnerability And Threat Intelligence Database API

HTML5 WebSocket message fuzzer

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

🔪Browser logic vulnerabilities ☠️

cve-search - a tool to perform local searches for known vulnerabilities

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Tracking CVEs for the linux Kernel

Vulnerability Labs for security analysis

Integrates Dependency-Check reports into SonarQube

Unofficial api for cve.mitre.org

PatrowlHears - Vulnerability Intelligence Center / Exploits

Exploiting Edge's read:// urlhandler

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

A social experiment

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

A vulnerable version of Rails that follows the OWASP Top 10

All-in-one tool for managing vulnerability reports from AppSec pipelines

Web path scanner

An application to assist in the organization and prioritization of software security activities.

ES File Explorer Open Port Vulnerability - CVE-2019-6447

The OWASP ZAP core project

A collection of curated Java Deserialization Exploits

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

OWASP ZAP Add-ons

The PHP Security Checker

CVE-2018-8120 Windows LPE exploit

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

CVE Alerting Platform

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

w3af: web application attack and audit framework, the open source web vulnerability scanner.

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

WebMap-Nmap Web Dashboard and Reporting

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Writeup of CVE-2020-15906

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

OSINT tool - gets data from services like shodan, censys etc. in one app