643 Open source projects that are alternatives of or similar to vulnerability-lab

The Correlated CVE Vulnerability And Threat Intelligence Database API

Kubernetes security and vulnerability tools and utilities.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

A collection of my public security advisories.

A collection of JavaScript engine CVEs with PoCs

Poc Collected for study and develop

Extensible framework for analyzing publicly available information about vulnerabilities

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Vulnerability (CVE) scanner for Nix/NixOS.

Extraction of iMessage Data via XSS

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

Exploiting Edge's read:// urlhandler

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Proofs-of-concept

Apache Solr Injection Research

Log4j Vulnerability Scanner for Windows

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Vulnerability Labs for security analysis

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

Some personal exploits/pocs

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

一些漏洞分析

REST API backend for Reconmap

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

🔪Browser logic vulnerabilities ☠️

Original Automated CVE Checking Tool

汽车/安卓/固件/代码安全测试工具集

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Formal semantics of LLVM IR in K

📖Notes on books and other things I'm reading 📖

This is a complete project series on implementing hacking tools available in Kali Linux into python.

Red Hat Dependency Analytics extension

🌐 linkedresearch.org

DEPRECATED & Materials Moved: This sprint was to focus on brainstorming for the Joint Roadmap for Open Science Tools.

Jdit is a research processing oriented framework based on pytorch. The docs is here!

Protocol Labs Research Grants

UNOFFICIAL Python API to interface with Parler.com

Moved to Gitlab

My past public researches are archived here

Juniper Junos Space (CVE-2020-1611) (PoC)

Guest to host VM escape exploit for Parallels Desktop

A collection of my quick and dirty scripts for vulnerability POC and detections

A research project in path semantics, a re-interpretation of functions for expressing mathematics

PLUR (Programming-Language Understanding and Repair) is a collection of source code datasets suitable for graph-based machine learning. We provide scripts for downloading, processing, and loading the datasets. This is done by offering a unified API and data structures for all datasets.

My solutions to the 2020 NSA Codebreaker Challenge

Some common recommendation system baseline, with description and link.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Current home of rubysec.com

Multilocus sequence typing by blast using the schemes from PubMLST

Python toolbox to evaluate graph vulnerability and robustness (CIKM 2021)

Project Free Our Knowledge aims to organise collective action in support of open and reproducible research practices. This repository is used to design new campaigns (using the issues feature) and to build the website (www.freeourknowledge.org).

💡 Research and development at Hyper

A simple framework for sending test payloads for known web CVEs.