Trending repositories for topic vulnerabilities
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to scan for and find vulnerabilities
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🧵 CLI tool for directly patching container images!
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
An open project to list all publicly known cloud vulnerabilities and CSP security issues
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
We track 5 million open-source packages, exposing vulnerabilities before they get CVE numbers. Many never do.
Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
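Internet of Vehicles penetration testing OS. An out-of-the-box test environment containing more than a hundred tools commonly used for Internet of Vehicles penetration testing, covering security testing of reverse engineering, CAN, automotive Ethernet, WiFi, Bluetooth, cloud platforms and more.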
A list of online news & info sources in the InfoSec/Cybersecurity space
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
A step-by-step fuzzing tutorial. A GitHub Security Lab initiative
HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
Nmap script to detect a Microsoft Exchange instance version with OWA enabled.
A collection of Server-Side Prototype Pollution gadgets and exploits
🍋 An open dataset containing smart contract audit issues from various sources.
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
Course material about common vulnerabilities, security and audits of Solidity smart contracts that I use during my lectures
Vulnerability (CVE) scanner for Nix/NixOS [maintainer=@henrirosten]
Crypto Deep Tools: a set of scripts for detailed cryptanalysis of the blockchain network of the Bitcoin cryptocurrency
A living document for penetration testing and offensive security.
Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities
Web service for managing information on vulnerabilities in software distributed through Nixpkgs
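This project uses a large language model together with a crawler to search GitHub for all projects that contain valuable vulnerability information, vulnerability PoCs or rule information, automatically identifies each project's directory structure and README, and then summarizes, analyzes and classifies them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules and more.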
Pentest AI utilizes machine learning to fully automate penetration testing and exploitation for assessing port, web, and application security. It creates maps of identified CVEs, maps them into Metasp...
A CLI tool to scan and fix your project's open-source vulnerabilities using Seal packages.
Dependency management toolkit: linter, updater, security scanner and more!
A PoC exploit for CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE)
VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT...
This repo contains different variants of Bug Bounty & Security & Pentest & Tech related Articles
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email
Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit
CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
A vulnerability scanner for container images and filesystems
The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.
List of every possible vulnerability in computer security.
A collection of awesome software, libraries, learning tutorials, documents and books, technical resources and cool stuff about Blue Team in Cybersecurity.
Automate open source license compliance and ensure software supply chain integrity
A game where Cardano developers and enthusiasts can try to exploit purposely vulnerable smart contracts and learn about the most common security issues and how to prevent them.