Trending repositories for topic vulnerability
serve as a reverse proxy to protect your web services from attacks and exploits.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
Collection of methodology and test case for various web vulnerabilities.
🧵 CLI tool for directly patching container images!
This repository contains the scanner component for Greenbone Community Edition.
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
Octoscan is a static vulnerability scanner for GitHub action workflows.
serve as a reverse proxy to protect your web services from attacks and exploits.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
🧵 CLI tool for directly patching container images!
HackerOne资产更新 | 每日更新HackerOne资产,对HackerOne的资产进行爬行和整理,SRC资产更新仅会增加,不会进行删除,每天更新的可以进行差异化对比来获取到新的项目资产范围
Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin
Corax for Java: A general static analysis framework for java code checking.
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
serve as a reverse proxy to protect your web services from attacks and exploits.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
This repository contains the scanner component for Greenbone Community Edition.
🧵 CLI tool for directly patching container images!
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Octoscan is a static vulnerability scanner for GitHub action workflows.
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
DevGuard Backend - Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
serve as a reverse proxy to protect your web services from attacks and exploits.
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
🧵 CLI tool for directly patching container images!
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
HackerOne资产更新 | 每日更新HackerOne资产,对HackerOne的资产进行爬行和整理,SRC资产更新仅会增加,不会进行删除,每天更新的可以进行差异化对比来获取到新的项目资产范围
Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
serve as a reverse proxy to protect your web services from attacks and exploits.
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
This repository contains the scanner component for Greenbone Community Edition.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
🧵 CLI tool for directly patching container images!
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Pentest AI utilizes machine learning to fully automate penetration testing and exploitation for assessing port, web, and application security. It creates maps of identified CVEs, maps them into Metasp...
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
HackerOne资产更新 | 每日更新HackerOne资产,对HackerOne的资产进行爬行和整理,SRC资产更新仅会增加,不会进行删除,每天更新的可以进行差异化对比来获取到新的项目资产范围
Simple Authenticated Vulnerability Scanner for Linux hosts and Docker images
MegaVul - The largest, high-quality, extensible, continuously updated, C/C++/Java vulnerability dataset
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Some Useful Tricks for Pentest Android and iOS Apps
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
Octoscan is a static vulnerability scanner for GitHub action workflows.
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具
Octoscan is a static vulnerability scanner for GitHub action workflows.
HackerOne资产更新 | 每日更新HackerOne资产,对HackerOne的资产进行爬行和整理,SRC资产更新仅会增加,不会进行删除,每天更新的可以进行差异化对比来获取到新的项目资产范围
Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | 基于 XRAY YAML 规则的超轻量快速漏洞扫描引擎 | 基于 ANTLR 实现语法分析和完整的 XRAY YAML 规则实现 | 简单的启动参数 | 包含多种反连可用 | 可执行文件体积仅 2 MB
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
serve as a reverse proxy to protect your web services from attacks and exploits.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
A vulnerability scanner for container images and filesystems
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Collection of methodology and test case for various web vulnerabilities.
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
This repository contains the scanner component for Greenbone Community Edition.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
Octoscan is a static vulnerability scanner for GitHub action workflows.
Web 版 Java Payload 生成与漏洞利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等 Payload 生成,以及 JNDI Exploit、Fake Mysql Exploit、JRMPListener 等相关利用
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
MegaVul - The largest, high-quality, extensible, continuously updated, C/C++/Java vulnerability dataset
PoC - Authenticated Remote Code Execution in VMware vCenter Server (Exploit)
DevGuard Backend - Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码