104 Open source projects that are alternatives of or similar to Security Checker Action

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

漏洞研究

快速搭建各种漏洞环境(Various vulnerability environment)

log4j2 remote code execution or IP leakage exploit (with examples)

Some personal exploits/pocs

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

NVD/CVE as JSON files

The Correlated CVE Vulnerability And Threat Intelligence Database API

Modified Nuclei Templates Version to FUZZ Host Header

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Log4j Vulnerability Scanner for Windows

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

CVE-2018-8120 Windows LPE exploit

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Exploiting Edge's read:// urlhandler

Public Disclosures

Tracking CVEs for the linux Kernel

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Vulnerability Labs for security analysis

Red Hat Dependency Analytics extension

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

A collection of my public security advisories.

Resources for Windows exploit development

Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.

A PHP version scanner for reporting possible vulnerabilities

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

A collection of curated Java Deserialization Exploits

Check linux sources dump for known CVEs.

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

No description or website provided.

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

Advisories and Proofs of Concept by BlackArrow

CVE Alerting Platform

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Poc Collected for study and develop

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

WebMap-Nmap Web Dashboard and Reporting

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

A simple framework for sending test payloads for known web CVEs.

BootStomp: a bootloader vulnerability finder

Extensible framework for analyzing publicly available information about vulnerabilities

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

Writeup of CVE-2020-15906

一些漏洞分析

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

Unofficial api for cve.mitre.org

🔪Browser logic vulnerabilities ☠️

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).