Trending repositories for topic vulnerability
serve as a reverse proxy to protect your web services from attacks and exploits.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
This repository contains the scanner component for Greenbone Community Edition.
Source code for Hacker101.com - a free online web and mobile security class.
Web-based Java payload generation and exploitation tool, providing payload generation for Java deserialization, Hessian 1/2 deserialization and more, as well as exploitation via JNDI, Fake Mysql, JRMPListener and others
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
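Jar Analyzer - a JAR file analysis tool: batch analysis, SCA vulnerability analysis, method call relationship search, string search, Spring component analysis, information leak checks, CFG program analysis, JVM stack frame analysis, advanced expression search, dynamic debugging at the bytecode instruction level, one-click export of decompiled JARs, one-click extraction of malicious code from serialized data, one-click analysis of BCEL bytecode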
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Collection of methodologies and test cases for various web vulnerabilities.
Delveline is a Code Vulnerability Analyzer for Java and Kotlin that supports best practices in security and risk management.
Vulnerability (CVE) scanner for Nix/NixOS [maintainer=@henrirosten]
Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as gene...
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
This repository contains a lot of web and API vulnerability checklists, a lot of vulnerability ideas and tips from Twitter
🧵 CLI tool for directly patching container images!
Tool for collecting vulnerability data from various sources (used to build the grype database)
Some Useful Tricks for Pentest Android and iOS Apps
vMass Bot :hook: Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
Automated exploit scanner for cameras on the internet
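HackerOne asset updates | HackerOne assets updated daily: crawls and organizes HackerOne assets. SRC assets are only ever added, never removed, so each day's update can be diffed to obtain the newly added program asset scope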
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email
CVE-2024-52940 - A zero-day vulnerability in AnyDesk's "Allow Direct Connections" feature, discovered and registered by Ebrahim Shafiei (EbraSha), exposing public and private IP addresses. For details...
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
Pentest AI utilizes machine learning to fully automate penetration testing and exploitation for assessing port, web, and application security. It creates maps of identified CVEs, maps them into Metasp...
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
:: Prism X (棱镜 X) · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool
Octoscan is a static vulnerability scanner for GitHub action workflows.
Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | Syntax parsing and a complete XRAY YAML rule implementation built on ANTLR | Simple startup parameters | Multiple reverse-connection options included | Executable size only 2 MB
PoC - Authenticated Remote Code Execution in VMware vCenter Server (Exploit)
A vulnerability scanner for container images and filesystems
MegaVul - The largest, high-quality, extensible, continuously updated, C/C++/Java vulnerability dataset
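This project pairs a large language model with a crawler to search GitHub for all projects that contain valuable vulnerability information, vulnerability PoCs or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes and categorizes it. The collected projects can help security practitioners gather vulnerability information, PoC information, rules and more.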
DevGuard Backend - Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project