juice-shopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+13351.79%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+11096.43%)
vapivAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+1103.57%)
diwaA Deliberately Insecure Web Application
Stars: ✭ 32 (-42.86%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+6155.36%)
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (+376.79%)
Sap exploitHere you can get full exploit for SAP NetWeaver AS JAVA
Stars: ✭ 60 (+7.14%)
Web MethodologyMethodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Stars: ✭ 142 (+153.57%)
Prestashop Cve 2018 19126PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
Stars: ✭ 37 (-33.93%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (+101.79%)
JanusecJanusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (+1276.79%)
Mssqli DuetSQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Stars: ✭ 82 (+46.43%)
template-injection-workshopWorkshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
Stars: ✭ 99 (+76.79%)
cyber-gymDeliberately vulnerable scripts for Web Security training
Stars: ✭ 19 (-66.07%)
JWTweakDetects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Stars: ✭ 85 (+51.79%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (+173.21%)
solutions-bwappIn progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+182.14%)
CheatsheetseriesThe OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Stars: ✭ 19,302 (+34367.86%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+541.07%)
W3afw3af: web application attack and audit framework, the open source web vulnerability scanner.
Stars: ✭ 3,804 (+6692.86%)
SecurityratOWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (+105.36%)
HackvaultA container repository for my public web hacks!
Stars: ✭ 1,364 (+2335.71%)
BlisqyVersion 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
Stars: ✭ 179 (+219.64%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+21767.86%)
discord-bugs-exploitsA Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.
Stars: ✭ 22 (-60.71%)
ronin-exploitsA Ruby micro-framework for writing and running exploits
Stars: ✭ 36 (-35.71%)
FastPwnCTF中Pwn的快速利用模板(包含awd pwn)
Stars: ✭ 18 (-67.86%)
IDA WrapperAn IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.
Stars: ✭ 14 (-75%)
Learning-Node.js-SecurityA Collection of articles, videos, blogs, talks and other materials on Node.js Security
Stars: ✭ 25 (-55.36%)
requests-ip-rotatorA Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (+476.79%)
padreBlazing fast, advanced Padding Oracle exploit
Stars: ✭ 35 (-37.5%)
VulWebajuVulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
Stars: ✭ 53 (-5.36%)
spellbookFramework for rapid development and reusable of security tools
Stars: ✭ 67 (+19.64%)
firecrackerStop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Stars: ✭ 438 (+682.14%)
Gr33k图形化漏洞利用集成工具
Stars: ✭ 361 (+544.64%)
APSoft-Web-Scanner-v2Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (+71.43%)
RageRage allows you to execute any file in a Microsoft Office document.
Stars: ✭ 68 (+21.43%)
RootMyTV.github.ioRootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.
Stars: ✭ 745 (+1230.36%)
sandboxed-fsSandboxed Wrapper for Node.js File System API
Stars: ✭ 41 (-26.79%)
exploitCollection of different exploits
Stars: ✭ 153 (+173.21%)
SpringBootExploit项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
Stars: ✭ 1,060 (+1792.86%)
wownedAuthentication bypass for outdated WoW emulation authentication servers
Stars: ✭ 32 (-42.86%)
CVE-2019-10149CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Stars: ✭ 15 (-73.21%)
ExploitsA personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.
Stars: ✭ 75 (+33.93%)
Umbraco-RCEUmbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Stars: ✭ 61 (+8.93%)
Scripts-SploitsA number of scripts POC's and problems solved as pentests move along.
Stars: ✭ 37 (-33.93%)
winallenumThis powershell script has got to run in remote hacked windows host, even for pivoting
Stars: ✭ 13 (-76.79%)
exploitMy exploitDB.
Stars: ✭ 16 (-71.43%)
ObsidianSailboatNmap and NSE command line wrapper in the style of Metasploit
Stars: ✭ 36 (-35.71%)
apple-knowledgeA collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware
Stars: ✭ 338 (+503.57%)
dependency-check-pluginJenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (+91.07%)
Damn-Vulnerable-BankDamn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Stars: ✭ 379 (+576.79%)