Trending repositories for topic vulnerability
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
This repository contains the scanner component for Greenbone Community Edition.
Source code for Hacker101.com - a free online web and mobile security class.
Penetration tests guide based on OWASP including test cases, resources and examples.
Burp Suite Certified Practitioner Exam Study
🧵 CLI tool for directly patching container images!
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
This repository collects all CVE exploits found on GitHub.
Enhanced BurpGPT is a powerful Burp Suite plugin. By analyzing specified HTTP requests and responses, it helps security testers discover potential security vulnerabilities more quickly.
Some Useful Tricks for Pentesting Android and iOS Apps
:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Burp Suite Certified Practitioner Exam Study
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
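HackerOne asset updates | HackerOne assets are crawled and organized daily; SRC asset updates only add entries and never delete them, so each day's update can be diffed against the previous one to obtain the asset scope of newly added programs.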
🧵 CLI tool for directly patching container images!
Vulnerability (CVE) scanner for Nix/NixOS [maintainer=@henrirosten]
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
QuillAudits Smart Contracts, DeFi, NFT, tokens, DAO, DEX and DApps Audit Reports
Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
Penetration tests guide based on OWASP including test cases, resources and examples.
The first Vite scanner on the entire network. Automatic target asset collection via FOFA. Multi-threaded concurrent scanning. Automatic CSV report generation.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
The first Vite scanner on the entire network. Automatic target asset collection via FOFA. Multi-threaded concurrent scanning. Automatic CSV report generation.
This repository contains the scanner component for Greenbone Community Edition.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
Source code for Hacker101.com - a free online web and mobile security class.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
The first Vite scanner on the entire network. Automatic target asset collection via FOFA. Multi-threaded concurrent scanning. Automatic CSV report generation.
This repository collects all CVE exploits found on GitHub.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
A very simple open source implementation of Google's Project Naptime
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
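Enhanced BurpGPT is a powerful Burp Suite plugin. By analyzing specified HTTP requests and responses, it helps security testers discover potential security vulnerabilities more quickly.
This project uses a large language model working together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.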
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Crypto Deep Tools: a set of scripts for detailed cryptanalysis of the blockchain network of the Bitcoin cryptocurrency
:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool
Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Some Useful Tricks for Pentesting Android and iOS Apps
Burp Suite Certified Practitioner Exam Study
The first Vite scanner on the entire network. Automatic target asset collection via FOFA. Multi-threaded concurrent scanning. Automatic CSV report generation.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A very simple open source implementation of Google's Project Naptime
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
🧵 CLI tool for directly patching container images!
This repository contains the scanner component for Greenbone Community Edition.
Collection of methodologies and test cases for various web vulnerabilities.
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
A very simple open source implementation of Google's Project Naptime
The first Vite scanner on the entire network. Automatic target asset collection via FOFA. Multi-threaded concurrent scanning. Automatic CSV report generation.
DevGuard Backend - Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project
Enhanced BurpGPT is a powerful Burp Suite plugin. By analyzing specified HTTP requests and responses, it helps security testers discover potential security vulnerabilities more quickly.
This repository collects all CVE exploits found on GitHub.
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
A curated list of awesome smart contract datasets
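This project uses a large language model working together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.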
This Terraform module consists of the configuration for automating the remediation of AWS EC2 vulnerabilities using AWS Inspector findings. It provisions essential resources such as an SSM document, L...
Pentest AI utilizes machine learning to fully automate penetration testing and exploitation for assessing port, web, and application security. It creates maps of identified CVEs, maps them into Metasp...
🧵 CLI tool for directly patching container images!
This repository is all about tips on ethical hacking and penetration testing!
All-in-one pentest methodologies - Tools and commands | A compilation of common materials for pentesters
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
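HackerOne asset updates | HackerOne assets are crawled and organized daily; SRC asset updates only add entries and never delete them, so each day's update can be diffed against the previous one to obtain the asset scope of newly added programs.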
Octoscan is a static vulnerability scanner for GitHub action workflows.
This repository collects all CVE exploits found on GitHub.
Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | Syntax parsing built on ANTLR with a complete implementation of XRAY YAML rules | Simple startup parameters | Multiple reverse-connection options included | Executable size is only 2 MB
A very simple open source implementation of Google's Project Naptime
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
Delveline is a Code Vulnerability Analyzer for Java and Kotlin that supports best practices in security and risk management.
Enhanced BurpGPT is a powerful Burp Suite plugin. By analyzing specified HTTP requests and responses, it helps security testers discover potential security vulnerabilities more quickly.
A practical Web shooting range that integrates multiple languages
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
A vulnerability scanner for container images and filesystems
This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
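Jar Analyzer - A JAR analysis tool: batch analysis, SCA vulnerability analysis, method call relationship search, string search, Spring component analysis, information leak checks, CFG program analysis, JVM stack frame analysis, advanced expression search, bytecode-instruction-level dynamic debugging, one-click export of decompiled JARs, one-click extraction of malicious code from serialized data, one-click analysis of BCEL bytecode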
This repository contains the scanner component for Greenbone Community Edition.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Collection of methodologies and test cases for various web vulnerabilities.
Octoscan is a static vulnerability scanner for GitHub action workflows.
A practical Web shooting range that integrates multiple languages
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
MegaVul - The largest, high-quality, extensible, continuously updated, C/C++/Java vulnerability dataset
PoC - Authenticated Remote Code Execution in VMware vCenter Server (Exploit)
A very simple open source implementation of Google's Project Naptime
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
Pentest AI utilizes machine learning to fully automate penetration testing and exploitation for assessing port, web, and application security. It creates maps of identified CVEs, maps them into Metasp...
A curated list of awesome smart contract datasets
LEKIR - Vulnerable by design to help people learn about common web security
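The first Vite scanner on the entire network. Automatic target asset collection via FOFA. Multi-threaded concurrent scanning. Automatic CSV report generation.
Enhanced BurpGPT is a powerful Burp Suite plugin. By analyzing specified HTTP requests and responses, it helps security testers discover potential security vulnerabilities more quickly.
This project uses a large language model working together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.
Some Useful Tricks for Pentesting Android and iOS Apps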