Build software better, together

swisskyrepo / PayloadsAllTheThings

Sponsor

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

security hacking web-application cheatsheet enumeration penetration-testing bounty vulnerability methodology bugbounty pentest bypass payload payloads hacktoberfest privilege-escalation redteam

Updated Dec 22, 2021
Python

Hacker0x01 / hacker101

Star

Source code for Hacker101.com - a free online web and mobile security class.

education security hacking xss sql-injection vulnerability csrf web-security mobile-security clickjacking hackerone session-fixation hacker101 unchecked-redirects

Updated Dec 10, 2021
SCSS

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

training exploit hackers hacking cybersecurity penetration-testing exploits vulnerability awesome-list video-course hacker vulnerability-management vulnerability-identification vulnerability-scanners vulnerability-assessment ethical-hacking awesome-lists exploit-development ethicalhacking hacking-series

Updated Dec 23, 2021
Jupyter Notebook

aquasecurity / trivy

Star

Open

NPM v7 lockFileVersion = 2 is not supported in Trivy filesystem scan

10

hideme4u commented Nov 1, 2021

Description

we have NPM7 generated package-lock.json with lockFileVersion = 2. Now when we scan Node.js project using Trivy filesystem scan, Trivy does not find out packages from package-lock.json.
It is working with lockFileVersion = 1

What did you expect to happen?

It should find out packages in package-lock.json

What happened instead?

It did not find out packages from pack

Remove PodSecurityPolicy in the helm manifest

1

Open

pnpm support would be nice

3

Find more good first issues

chaitin / xray

Star

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

security xss poc vulnerability passive-vulnerability-scanner sqlinjection vulnerability-scanner

Updated Dec 16, 2021
Vue

frohoff / ysoserial

Star

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

java serialization exploit jvm deserialization gadget poc vulnerability javadeser

Updated Dec 8, 2021
Java

LandGrey / SpringBootVulExploit

Star

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

rce vulnerability springboot springcloud springboot-actuator-rce spring-boot-vulnerability spring-vulnerability spring-actuator-vulnerability

Updated Mar 10, 2021
Java

infobyte / faraday

Star

Collaborative Penetration Test and Vulnerability Management Platform

security devops chatops security-audit collaboration orchestration nmap penetration-testing vulnerability infosec pentesting collaborative cve nessus vulnerability-management vulnerability-scanners burpsuite security-automation devsecops continuous-scanning

Updated Dec 21, 2021
Python

zhzyker / exphub

Star

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

drupal exploit nexus tomcat poc vulnerability webshell exp weblogic getshell cve-2020-1938 cve-2020-2551 cve-2020-2555 cve-2020-10199 cve-2020-10204 cve-2020-2883 cve-2020-11444 cve-2020-5902 cve-2020-14882

Updated Apr 4, 2021
Python

KathanP19 / HowToHunt

Star

Tutorials and Things to Do while Hunting Vulnerability.

tutorials vulnerability bugbounty bugbountytips bughunting-methodology

Updated Dec 8, 2021

anchore / grype

Star

Open

Docs for using templates should point to view models, not JSON output

2

luhring commented Jun 8, 2021

Our current documentation for using templates points users to the JSON output to learn about what data is available to the template author. This is insufficient, because although it currently describes the correct shape of data, it leaves users guessing at the correct casing for field names.

A better source of truth than the JSON output is the

Extend vulnerability matchers

2

scipag / vulscan

Star

Advanced vulnerability scanning with Nmap NSE

security security-audit lua exploit lua-script nmap penetration-testing vulnerability vulnerability-databases vulnerability-detection nse vulnerability-identification vulnerability-scanners security-scanner vulnerability-assessment nmap-scripts nsescript nmap-scan-script vulnerability-scanning vulnerability-database-entry

Updated Sep 2, 2021
Lua

tunz / js-vuln-db

Star

A collection of JavaScript engine CVEs with PoCs

javascript vulnerability cve

Updated Sep 3, 2019

goodwithtech / dockle

Sponsor

Star

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

go docker kubernetes golang security security-audit containers linter vulnerability security-tools

Updated Dec 9, 2021
Go

swisskyrepo / SSRFmap

Sponsor

Star

Automatic SSRF fuzzer and exploitation tool

vulnerability ctf pentest exploitation hacktoberfest ssrf server-side-request-forgery ssrfmap

Updated Oct 27, 2021
Python

Voorivex / pentest-guide

Star

Penetration tests guide based on OWASP including test cases, resources and examples.

penetration-testing vulnerability bugbounty pentest bypass payload writeup owasp-tests

Updated Apr 23, 2021

NCSC-NL / log4shell

Star

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

log4j vulnerability cve-2021-44228 log4shell cve-2021-45046 cve-2021-4104 cve-2021-45105

Updated Dec 24, 2021
Python

iSafeBlue / TrackRay

Star

vulnerability pentest

Updated Jan 5, 2021
Java

s4n7h0 / xvwa

Star

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

mysql php knowledge vulnerability application-security xvwa learning-appsec

Updated Sep 12, 2020
PHP

Bo0oM / fuzz.txt

Star

Potentially dangerous files

files list web vulnerability fuzz dirbuster

Updated Jul 8, 2021

hahwul / dalfox

Star

🌘

🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

golang security xss vulnerability bugbounty xss-scanner xss-detection devsecops xss-exploit xss-bruteforce cicd-pipeline bugbounty-tool

Updated Dec 23, 2021
Go

c0ny1 / vulstudy

Star

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

vulnerability docker-image-builder

Updated Mar 25, 2020
Shell

greenbone / openvas-scanner

Star

This repository contains the scanner component for Greenbone Vulnerability Management (GVM). If you are looking for the whole OpenVAS framework please take a look at https://community.greenbone.net/t/frequently-asked-questions-faq/5558.

scanner vulnerability openvas vulnerability-detection vulnerability-management vulnerability-scanners vulnerability-assessment gvm greenbone greenbone-vulnerability-management openvas-scanner

Updated Dec 20, 2021
C

lukechilds / reverse-shell

Sponsor

Star

Reverse Shell as a Service

microservice reverse-shell exploit prank joke vulnerability pentesting

Updated Oct 20, 2020
JavaScript

anouarbensaad / vulnx

Star

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

bot crawler hacking exploits vulnerability pentest vulnerability-detection vulnerability-assessment information-gathering security-tools cms-detector cloudflare-detection shell-injection vulnerability-exploit website-vulnerability-scanner wp-scanner auto-exploiter dorks detects-vulnerabilities subdomains-gathering

Updated Aug 1, 2021
Python

Lifka / hacking-resources

Star

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

osint tools powershell malware hacking network-monitoring vulnerability hacker gathering social-engineering ethicalhacking

Updated Nov 28, 2021

HASecuritySolutions / VulnWhisperer

Star

Create actionable data from your Vulnerability Scans

python elasticsearch elasticstack logstash vulnerability qualys nessus

Updated Dec 13, 2021
Python

jeffzh3ng / fuxi

Star

Penetration Testing Platform

security penetration-testing vulnerability pentest-tool

Updated Dec 13, 2021
Python

1N3 / BlackWidow

Star

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Updated Sep 27, 2021
Python

nixawk / labs

Star

Vulnerability Labs for security analysis

security exploit vulnerability cve

Updated Mar 10, 2021
Python

vulnerability

Here are 856 public repositories matching this topic...

swisskyrepo / PayloadsAllTheThings

Hacker0x01 / hacker101

The-Art-of-Hacking / h4cker

aquasecurity / trivy

NPM v7 lockFileVersion = 2 is not supported in Trivy filesystem scan

Description

What did you expect to happen?

What happened instead?

Remove PodSecurityPolicy in the helm manifest

pnpm support would be nice

chaitin / xray

frohoff / ysoserial

LandGrey / SpringBootVulExploit

infobyte / faraday

zhzyker / exphub

KathanP19 / HowToHunt

anchore / grype

Docs for using templates should point to view models, not JSON output

Extend vulnerability matchers

scipag / vulscan

tunz / js-vuln-db

goodwithtech / dockle

swisskyrepo / SSRFmap

Voorivex / pentest-guide

NCSC-NL / log4shell

iSafeBlue / TrackRay

s4n7h0 / xvwa

Bo0oM / fuzz.txt

hahwul / dalfox

c0ny1 / vulstudy

greenbone / openvas-scanner

lukechilds / reverse-shell

anouarbensaad / vulnx

Lifka / hacking-resources

HASecuritySolutions / VulnWhisperer

jeffzh3ng / fuxi

1N3 / BlackWidow

nixawk / labs

Improve this page

Add this topic to your repo