{"id":13797229,"url":"https://github.com/keenrivals/bugsite-index","last_synced_at":"2025-05-13T02:31:53.419Z","repository":{"id":145040899,"uuid":"58058576","full_name":"KeenRivals/Bugsite-Index","owner":"KeenRivals","description":"Index of websites publishing bugs along the lines of heartbleed.com","archived":false,"fork":false,"pushed_at":"2018-02-21T12:46:28.000Z","size":38805,"stargazers_count":40,"open_issues_count":0,"forks_count":3,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-08-04T23:11:00.089Z","etag":null,"topics":["heartbleed","mitm-attacks","netsec","security","ssl","tls"],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KeenRivals.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-05-04T14:27:53.000Z","updated_at":"2023-09-08T17:09:58.000Z","dependencies_parsed_at":"2024-01-21T08:46:21.837Z","dependency_job_id":null,"html_url":"https://github.com/KeenRivals/Bugsite-Index","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeenRivals%2FBugsite-Index","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeenRivals%2FBugsite-Index/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeenRivals%2FBugsite-Index/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeenRivals%2FBugsite-Index/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KeenRivals","download_url":"https://codeload.github.com/KeenRivals/Bugsite-Index/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225167415,"owners_count":17431595,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["heartbleed","mitm-attacks","netsec","security","ssl","tls"],"created_at":"2024-08-03T23:01:25.474Z","updated_at":"2025-05-13T02:31:53.411Z","avatar_url":"https://github.com/KeenRivals.png","language":"HTML","funding_links":[],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"readme":"# Overview\n\nThe goal of this project is to maintain a list of bug websites such as [Heartbleed.com](http://heartbleed.com). Contributions welcome!\n\n# Websites\n\n* [Backronym.fail](http://backronym.fail/) – allows for an attacker to downgrade and snoop on the SSL/TLS connection that MySQL client libraries use to communicate to a MySQL server.\n* [Badlock.org](http://badlock.org/) – MITM attack for samba in an Active Directory environment.\n* [BreachAttack.com](http://breachattack.com/) – HTTPS information leak by compression. Related to CRIME.\n* [Dirty COW](https://dirtycow.ninja) – a privilege escalation vulnerability in the Linux Kernel. \n* [DUHK Attack](https://duhkattack.com) – devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key allows attackers to recover the secret key.\n* [DrownAttack.com](https://drownattack.com/) – attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol.\n* [Factorable.net](https://factorable.net/) – widespread weak keys in network devices.\n* [FreakAttack.com](https://freakattack.com/) – allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption\n* [GoToFail.com](https://gotofail.com/) – certain Apple iOS versions did not check TLS certificate validity.\n* [Heartbleed.com](http://heartbleed.com) – OpenSSL memory leak which could leak private keys.\n* [httpoxy.org](https://httpoxy.org/) – insecure handling of HTTP proxy environment variable in CGI applications.\n* [ImageTragick.com](https://imagetragick.com/) – remote code execution in imagemagick via user-submitted images.\n* [KRACKAttacks.com](https://krackattacks.com/) – WPA2 vulnerability resulting from nonce reuse that enables decryption of sent packets. In some cases this leads to MITM.\n* [MeltdownAttack.com](https://meltdownattack.com) - Information leak via broken isolation between priviledged and unpriviledged memory.\n* [OCSP Status Request](http://security.360.cn/cve/CVE-2016-6304/) - Allows exhaustion of server memory through OSCP Status Requests. \n* [Poodle.io](https://poodle.io/) – allows MITM attacker to downgrade TLS connections and decrypt SSLv3 connections.\n* [ROBOTAttack.org](https://robotattack.org/) – Return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.\n* [SHAttered.io](https://shattered.io) - Collision attack against SHA-1.\n* [SpectreAttack.com](https://spectreattack.com) - Information leak via speculative execution behaviors in modern CPUs.\n* [Sweet32.info](https://sweet32.info/) - Birthday attacks on 64-bit block ciphers in TLS and OpenVPN.\n* [WeakDH.org](https://weakdh.org/) – applications which support DHE_EXPORT ciphers allow MITM via weak Diffie-Hellman keys.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeenrivals%2Fbugsite-index","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeenrivals%2Fbugsite-index","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeenrivals%2Fbugsite-index/lists"}