545 Open source projects that are alternatives of or similar to rest-api

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Advanced Reconnaissance tool to enumerate attacking surface of the target.

A collection of JavaScript engine CVEs with PoCs

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

汽车/安卓/固件/代码安全测试工具集

漏洞研究

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Exploiting Edge's read:// urlhandler

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Vulnerability (CVE) scanner for Nix/NixOS.

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

A collection of my public security advisories.

Log4j Vulnerability Scanner for Windows

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Original Automated CVE Checking Tool

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

WebMap-Nmap Web Dashboard and Reporting

network reconnaissance toolkit

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Vulnerability Labs for security analysis

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Poc Collected for study and develop

🔪Browser logic vulnerabilities ☠️

The Correlated CVE Vulnerability And Threat Intelligence Database API

Extraction of iMessage Data via XSS

OSINT

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

一些漏洞分析

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Extensible framework for analyzing publicly available information about vulnerabilities

OSINT tool - gets data from services like shodan, censys etc. in one app

ES File Explorer Open Port Vulnerability - CVE-2019-6447

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Advanced vulnerability scanning with Nmap NSE

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.

Pentest: Subdomains enumeration tool for penetration testers.

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Attempts to determine the configuration, behavior, and type of a remote MQTT broker

Related subdomains finder

A script using Docker to quickly bring up some honeypots exposing lots of services. For research, reconnaissance, and fun. (DISCLAIMER may not be fun, not to be taken internally, aim away from face)

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

rsGen is a Reverse Shell Payload Generator for hacking.

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

A static binary vulnerability scanner

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Multi source CVE/exploit parser.

威胁情报播报（停止运营）

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker