190 Open source projects that are alternatives of or similar to vulndb-data-mirror

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

A simple Java command-line utility to mirror the CVE JSON data from NIST.

A Java library for parsing and programmatically using threat models

Integrates OWASP Zed Attack Proxy reports into SonarQube

Vendor-Neutral Security Tool Automation Controller (over REST)

Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

The PHP Security Checker

pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

Vulnerability Labs for security analysis

Writeup of CVE-2020-15906

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

cve-search - a tool to perform local searches for known vulnerabilities

Poc Collected for study and develop

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Resources for Windows exploit development

Original Automated CVE Checking Tool

ES File Explorer Open Port Vulnerability - CVE-2019-6447

A collection of curated Java Deserialization Exploits

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

鹿不在侧，鲸不予游🐋

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Extraction of iMessage Data via XSS

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Unofficial api for cve.mitre.org

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Exploiting Edge's read:// urlhandler

The Correlated CVE Vulnerability And Threat Intelligence Database API

OSINT tool - gets data from services like shodan, censys etc. in one app

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

CVE Alerting Platform

🔪Browser logic vulnerabilities ☠️

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

CVE-2018-8120 Windows LPE exploit

A collection of JavaScript engine CVEs with PoCs

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

✍️ A curated list of CVE PoCs.

Tracking CVEs for the linux Kernel

Vulnerability (CVE) scanner for Nix/NixOS.

PatrowlHears - Vulnerability Intelligence Center / Exploits

WebMap-Nmap Web Dashboard and Reporting

快速搭建各种漏洞环境(Various vulnerability environment)

The clever vulnerability dependency finder

BootStomp: a bootloader vulnerability finder

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Containing Self Made Perl Reproducers / PoC Codes

A social experiment

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms