859 Open source projects that are alternatives of or similar to Uxss Db

Extraction of iMessage Data via XSS

Vulnerability (CVE) scanner for Nix/NixOS.

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Original Automated CVE Checking Tool

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Source code for Hacker101.com - a free online web and mobile security class.

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

一些漏洞分析

XSS in pastebin.com and reddit.com via unsanitized markdown output

A collection of my public security advisories.

Powerful dork searcher and vulnerability scanner for windows platform

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Log4j Vulnerability Scanner for Windows

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Vulnerability Labs for security analysis

Audit tool to find common vulnerabilities in PHP source code

The Correlated CVE Vulnerability And Threat Intelligence Database API

汽车/安卓/固件/代码安全测试工具集

REST API backend for Reconmap

漏洞研究

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

A few SQL and XSS attack tools

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Extensible framework for analyzing publicly available information about vulnerabilities

Android application fuzzing framework with fuzzers and crash monitor.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Cure53 Browser Security White Paper

Go Web Application Penetration Test

Exploiting Edge's read:// urlhandler

Poc Collected for study and develop

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

A collection of JavaScript engine CVEs with PoCs

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Proofs-of-concept

Firefox for Android

In-Browser Object Detection using Tiny YOLO on Tensorflow.js

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Remote control interface that enables introspection and control of user agents.

Pale Moon web browser

Top disclosed reports from HackerOne

Apache Solr Injection Research

支持WebRTC的多源多协议混合P2P-CDN的流媒体播放器

Classifies GPUs based on their 3D rendering benchmark score allowing the developer to provide sensible default settings for graphically intensive applications.

A toy web browser implemented in Rust from scratch

⚡️ Streaming torrent client for the web

An iOS/tvOS photo gallery viewer, useful for viewing a large (or small!) number of photos.

A small, single-file library for creating DiscordApp clients from Node.js or the browser