Trending repositories for topic vulnerability
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Burp Suite Certified Practitioner Exam Study
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Burp Suite Certified Practitioner Exam Study
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
The EXCLUSIVE Collection of 36,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
This repository contains the scanner component for Greenbone Community Edition.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin
Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Jar Analyzer - 一个JAR包分析工具,批量分析搜索,方法调用关系搜索,字符串搜索,Spring分析,CFG分析,JVM Stack Frame分析,远程分析Tomcat,进阶表达式搜索,自定义SQL查询,字节码查看,字节码指令级的动态调试,命令行分析,反编译JAR包一键导出,集成简易RASP
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Burp Suite Certified Practitioner Exam Study
Python toolbox to evaluate graph vulnerability and robustness (CIKM 2021)
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gath...
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
This repository contains the scanner component for Greenbone Community Edition.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Jar Analyzer - 一个JAR包分析工具,批量分析搜索,方法调用关系搜索,字符串搜索,Spring分析,CFG分析,JVM Stack Frame分析,远程分析Tomcat,进阶表达式搜索,自定义SQL查询,字节码查看,字节码指令级的动态调试,命令行分析,反编译JAR包一键导出,集成简易RASP
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Jar Analyzer - 一个JAR包分析工具,批量分析搜索,方法调用关系搜索,字符串搜索,Spring分析,CFG分析,JVM Stack Frame分析,远程分析Tomcat,进阶表达式搜索,自定义SQL查询,字节码查看,字节码指令级的动态调试,命令行分析,反编译JAR包一键导出,集成简易RASP
An ever-growing list of resources for data-driven vulnerability assessment and prioritization
Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin
Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m...
Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
Jar Analyzer - 一个JAR包分析工具,批量分析搜索,方法调用关系搜索,字符串搜索,Spring分析,CFG分析,JVM Stack Frame分析,远程分析Tomcat,进阶表达式搜索,自定义SQL查询,字节码查看,字节码指令级的动态调试,命令行分析,反编译JAR包一键导出,集成简易RASP
Corax for Java: A general static analysis framework for java code checking.
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m...
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A centralized repository of standalone security patches for open source libraries.
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Improper Authorization Vulnerability in Confluence Data Center and Server + bonus 🔥
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
A vulnerability scanner for container images and filesystems
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Collection of methodology and test case for various web vulnerabilities.
This repository contains the scanner component for Greenbone Community Edition.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Source code for Hacker101.com - a free online web and mobile security class.
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
MySQL Fake Server (纯Java实现,支持GUI版和命令行版,提供Dockerfile,支持多种常见JDBC利用)
Corax for Java: A general static analysis framework for java code checking.
Jar Analyzer - 一个JAR包分析工具,批量分析搜索,方法调用关系搜索,字符串搜索,Spring分析,CFG分析,JVM Stack Frame分析,远程分析Tomcat,进阶表达式搜索,自定义SQL查询,字节码查看,字节码指令级的动态调试,命令行分析,反编译JAR包一键导出,集成简易RASP
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gath...
Simple PoC for demonstrating Race Conditions on Websockets
The EXCLUSIVE Collection of 36,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
Service that scans your Infrastructure as Code for common vulnerabilities
Static Code Analysis Toolkit for Vulnerability Detection and Mitigation