Trending repositories for topic vulnerability

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

A vulnerability scanner for container images and filesystems

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

:: 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具。

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Gather and update all available and newest CVEs with their PoC.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Cybersecurity Knowledge Base

Open Source Vulnerability Management Platform

A Terminal UI for browsing security vulnerabilities (CVEs)

Burp Suite Certified Practitioner Exam Study

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Cybersecurity Knowledge Base

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

A Terminal UI for browsing security vulnerabilities (CVEs)

:: 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具。

Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Burp Suite Certified Practitioner Exam Study

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

一个Vulhub漏洞复现知识库

The EXCLUSIVE Collection of 36,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

A DNS rebinding attack framework.

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

A vulnerability scanner for container images and filesystems

漏洞批量验证框架

🧵 CLI tool for directly patching container images using reports from vulnerability scanners

Dig Vulnerabilities in the BlackBox

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

A vulnerability scanner for container images and filesystems

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Gather and update all available and newest CVEs with their PoC.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A Terminal UI for browsing security vulnerabilities (CVEs)

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

A DNS rebinding attack framework.

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...

🎯 Command Injection Payload List

Open Source Vulnerability Management Platform

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

This repository contains the scanner component for Greenbone Community Edition.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

A list of web application security

一个高价值漏洞采集与推送服务 | collect valueable vulnerability and push it

Cybersecurity Knowledge Base

A Terminal UI for browsing security vulnerabilities (CVEs)

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin

:: 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具。

Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)

A DNS rebinding attack framework.

一个Vulhub漏洞复现知识库

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Jar Analyzer - 一个JAR包分析工具，批量分析搜索，方法调用关系搜索，字符串搜索，Spring分析，CFG分析，JVM Stack Frame分析，远程分析Tomcat，进阶表达式搜索，自定义SQL查询，字节码查看，字节码指令级的动态调试，命令行分析，反编译JAR包一键导出，集成简易RASP

漏洞批量验证框架

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

一个高价值漏洞采集与推送服务 | collect valueable vulnerability and push it

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Burp Suite Certified Practitioner Exam Study

Python toolbox to evaluate graph vulnerability and robustness (CIKM 2021)

SQL Injection Vulnerability Scanner made with Python

A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gath...

A Terminal UI for browsing security vulnerabilities (CVEs)

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A vulnerability scanner for container images and filesystems

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

A Terminal UI for browsing security vulnerabilities (CVEs)

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

Gather and update all available and newest CVEs with their PoC.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

This repository contains the scanner component for Greenbone Community Edition.

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

🎯 Command Injection Payload List

Jar Analyzer - 一个JAR包分析工具，批量分析搜索，方法调用关系搜索，字符串搜索，Spring分析，CFG分析，JVM Stack Frame分析，远程分析Tomcat，进阶表达式搜索，自定义SQL查询，字节码查看，字节码指令级的动态调试，命令行分析，反编译JAR包一键导出，集成简易RASP

Automatic SSRF fuzzer and exploitation tool

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Open Source Vulnerability Management Platform

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

A Terminal UI for browsing security vulnerabilities (CVEs)

Cybersecurity Knowledge Base

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

SecNotes: 记录安全学习之路。包含红蓝攻防，安全运营，甲方安全建设，威胁情报，安全事件响应，蜜罐，安全证书考试等。

secator - the pentester's swiss knife

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

NetProbe: Network Probe

历史漏洞的细节以及利用方法汇总收集

Jar Analyzer - 一个JAR包分析工具，批量分析搜索，方法调用关系搜索，字符串搜索，Spring分析，CFG分析，JVM Stack Frame分析，远程分析Tomcat，进阶表达式搜索，自定义SQL查询，字节码查看，字节码指令级的动态调试，命令行分析，反编译JAR包一键导出，集成简易RASP

An ever-growing list of resources for data-driven vulnerability assessment and prioritization

:: 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具。

Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin

Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m...

Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)

一个Vulhub漏洞复现知识库

The trustworthy ReDoS checker

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

Jar Analyzer - 一个JAR包分析工具，批量分析搜索，方法调用关系搜索，字符串搜索，Spring分析，CFG分析，JVM Stack Frame分析，远程分析Tomcat，进阶表达式搜索，自定义SQL查询，字节码查看，字节码指令级的动态调试，命令行分析，反编译JAR包一键导出，集成简易RASP

:: 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具。

A Terminal UI for browsing security vulnerabilities (CVEs)

Corax for Java: A general static analysis framework for java code checking.

Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m...

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

A centralized repository of standalone security patches for open source libraries.

WPS-Office 1-Click RCE exp 202308091546

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

CVE-2023-22515: Confluence Broken Access Control Exploit

Report and exploit of CVE-2023-36427

历史漏洞的细节以及利用方法汇总收集

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Simple Latest CVE Collector Written in Python

Improper Authorization Vulnerability in Confluence Data Center and Server + bonus 🔥

WallEscape vulnerability in util-linux

Simple PoC for demonstrating Race Conditions on Websockets

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

A vulnerability scanner for container images and filesystems

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

All about bug bounty (bypasses, payloads, and etc)

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Gather and update all available and newest CVEs with their PoC.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Collection of methodology and test case for various web vulnerabilities.

This repository contains the scanner component for Greenbone Community Edition.

🎯 Command Injection Payload List

Open Source Vulnerability Management Platform

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

基于 docsify 快速部署 Awesome-POC 中的漏洞文档

Source code for Hacker101.com - a free online web and mobile security class.

:: 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具。

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)

Corax for Java: A general static analysis framework for java code checking.

Jar Analyzer - 一个JAR包分析工具，批量分析搜索，方法调用关系搜索，字符串搜索，Spring分析，CFG分析，JVM Stack Frame分析，远程分析Tomcat，进阶表达式搜索，自定义SQL查询，字节码查看，字节码指令级的动态调试，命令行分析，反编译JAR包一键导出，集成简易RASP

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Simple Latest CVE Collector Written in Python

历史漏洞的细节以及利用方法汇总收集

CVE-2023-22515: Confluence Broken Access Control Exploit

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gath...

Simple PoC for demonstrating Race Conditions on Websockets

The EXCLUSIVE Collection of 36,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

Analysis of the vulnerability

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

Service that scans your Infrastructure as Code for common vulnerabilities

Static Code Analysis Toolkit for Vulnerability Detection and Mitigation

Cybersecurity Knowledge Base