An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with vulnerability

A curated list of projects in awesome lists tagged with vulnerability.

https://github.com/aquasecurity/trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

containers devsecops docker go golang hacktoberfest iac infrastructure-as-code kubernetes misconfiguration security security-tools vulnerability vulnerability-detection vulnerability-scanners

Last synced: 12 May 2025

https://github.com/chaitin/safeline

SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 14 May 2025

https://github.com/chaitin/SafeLine

SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 25 Mar 2025

https://github.com/chaitin/xray

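A comprehensive security assessment tool developed in-house by Chaitin, supporting scans for common web security issues and custom PoCs | Be sure to read the documentation before use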

passive-vulnerability-scanner poc security sqlinjection vulnerability vulnerability-scanner xss

Last synced: 28 Jan 2026

https://github.com/frohoff/ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

deserialization exploit gadget java javadeser jvm poc serialization vulnerability

Last synced: 14 May 2025

https://github.com/nomi-sec/poc-in-github

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

cve exploit poc security vulnerability

Last synced: 25 Jan 2026

https://github.com/nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

cve exploit poc security vulnerability

Last synced: 30 Mar 2025

https://github.com/kathanp19/howtohunt

Collection of methodologies and test cases for various web vulnerabilities.

bugbounty bugbountytips bughunting-methodology tutorials vulnerability

Last synced: 27 Jan 2026

https://github.com/KathanP19/HowToHunt

Collection of methodologies and test cases for various web vulnerabilities.

bugbounty bugbountytips bughunting-methodology tutorials vulnerability

Last synced: 17 Mar 2025

https://github.com/landgrey/springbootvulexploit

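Learning material on SpringBoot-related vulnerabilities, a collection of exploitation methods and techniques, and a black-box security assessment checklist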

rce spring-actuator-vulnerability spring-boot-vulnerability spring-vulnerability springboot springboot-actuator-rce springcloud vulnerability

Last synced: 14 May 2025

https://github.com/LandGrey/SpringBootVulExploit

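Learning material on SpringBoot-related vulnerabilities, a collection of exploitation methods and techniques, and a black-box security assessment checklist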

rce spring-actuator-vulnerability spring-boot-vulnerability spring-vulnerability springboot springboot-actuator-rce springcloud vulnerability

Last synced: 11 Jul 2025

https://github.com/zhzyker/exphub

Exphub [exploit script library]: includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; most recently added: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340

cve-2020-10199 cve-2020-10204 cve-2020-11444 cve-2020-14882 cve-2020-1938 cve-2020-2551 cve-2020-2555 cve-2020-2883 cve-2020-5902 drupal exp exploit getshell nexus poc tomcat vulnerability weblogic webshell

Last synced: 15 May 2025

https://github.com/hahwul/dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

bugbounty bugbounty-tool cicd-pipeline devsecops golang hacktoberfest security vulnerability xss xss-bruteforce xss-detection xss-exploit xss-scanner

Last synced: 12 May 2025

https://github.com/bo0om/fuzz.txt

Potentially dangerous files

dirbuster files fuzz list vulnerability web

Last synced: 27 Jan 2026

https://github.com/Bo0oM/fuzz.txt

Potentially dangerous files

dirbuster files fuzz list vulnerability web

Last synced: 24 Mar 2025

https://github.com/goodwithtech/dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

containers docker go golang kubernetes linter security security-audit security-tools vulnerability

Last synced: 14 May 2025

https://github.com/az0x7/vulnerability-checklist

This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter

bugbounty security sqlinjection vulnerability vulnerability-checklist web-vulnerability

Last synced: 28 Jan 2026

https://github.com/Az0x7/vulnerability-Checklist

This repository contains a lot of web and API vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter

bugbounty security sqlinjection vulnerability vulnerability-checklist web-vulnerability

Last synced: 31 Oct 2025

https://github.com/voorivex/pentest-guide

Penetration tests guide based on OWASP including test cases, resources and examples.

bugbounty bypass owasp-tests payload penetration-testing pentest vulnerability writeup

Last synced: 27 Jan 2026

https://github.com/Voorivex/pentest-guide

Penetration tests guide based on OWASP including test cases, resources and examples.

bugbounty bypass owasp-tests payload penetration-testing pentest vulnerability writeup

Last synced: 12 Mar 2025

https://github.com/c0ny1/vulstudy

Quickly set up the major vulnerable practice environments with Docker; 17 environments can currently be set up with one click.

docker-image-builder vulnerability

Last synced: 15 May 2025

https://github.com/tunz/js-vuln-db

A collection of JavaScript engine CVEs with PoCs

cve javascript vulnerability

Last synced: 15 May 2025

https://github.com/iSafeBlue/TrackRay

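溯光 (TrackRay) 3 beta⚡ penetration testing framework (asset scanning | fingerprinting | brute force | web crawler | port scanning | vulnerability scanning | code audit | AWVS | NMAP | Metasploit | SQLMap)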

pentest vulnerability

Last synced: 05 Apr 2025

https://github.com/isafeblue/trackray

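溯光 (TrackRay) 3 beta⚡ penetration testing framework (asset scanning | fingerprinting | brute force | web crawler | port scanning | vulnerability scanning | code audit | AWVS | NMAP | Metasploit | SQLMap)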

pentest vulnerability

Last synced: 15 May 2025

https://github.com/jar-analyzer/jar-analyzer

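Jar Analyzer - a GUI analysis tool for JAR files: method call relationship search, method call chain analysis with a DFS algorithm, taint analysis that simulates the JVM to verify the DFS results, string search, Java Web component entry-point analysis, CFG program analysis, JVM stack frame analysis, custom expression search; keeps pace with AI developments, supporting MCP calls and n8n workflows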

bytecode jar java-asm java-bytecode java-debugger java-decompiler java-gui java-security java-vulnerability program-analysis static-analysis vulnerability web-vulnerability

Last synced: 02 Apr 2026

https://github.com/lifka/hacking-resources

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

ethicalhacking gathering hacker hacking malware network-monitoring osint powershell social-engineering tools vulnerability

Last synced: 04 Mar 2026

https://github.com/anouarbensaad/vulnx

vulnx 🕷️ is an intelligent bot and shell that can achieve automatic injection and help researchers detect security vulnerabilities in CMS systems. It can perform a quick CMS security detection, information collection (including sub-domain name, IP address, country information, organizational information and time zone, etc.) and vulnerability scanning.

auto-exploiter bot cloudflare-detection cms-detector crawler detects-vulnerabilities dorks exploits hacking information-gathering pentest security-tools shell-injection subdomains-gathering vulnerability vulnerability-assessment vulnerability-detection vulnerability-exploit website-vulnerability-scanner wp-scanner

Last synced: 15 May 2025

https://github.com/ncsc-nl/log4shell

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

cve-2021-4104 cve-2021-44228 cve-2021-45046 cve-2021-45105 log4j log4shell vulnerability

Last synced: 29 Sep 2025

https://github.com/NCSC-NL/log4shell

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

cve-2021-4104 cve-2021-44228 cve-2021-45046 cve-2021-45105 log4j log4shell vulnerability

Last synced: 30 Apr 2025

https://github.com/Lifka/hacking-resources

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

ethicalhacking gathering hacker hacking malware network-monitoring osint powershell social-engineering tools vulnerability

Last synced: 30 Mar 2025

https://github.com/threekiii/vulnerability-wiki

A project for quickly deploying the Awesome-POC vulnerability documentation with docsify. Deploying the Awesome-POC repository via docsify.

cve docker docsify vulnerability wiki

Last synced: 14 May 2025

https://github.com/0x727/SpringBootExploit

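This project is written from the LandGrey/SpringBootVulExploit checklist, with the aim of quickly exploiting vulnerabilities during hvv and lowering the barrier to vulnerability exploitation.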

exp exploit spring springboot vul vulnerability

Last synced: 11 Jul 2025

https://github.com/0x727/springbootexploit

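This project is written from the LandGrey/SpringBootVulExploit checklist, with the aim of quickly exploiting vulnerabilities during hvv and lowering the barrier to vulnerability exploitation.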

exp exploit spring springboot vul vulnerability

Last synced: 01 Oct 2025

https://github.com/Threekiii/Vulnerability-Wiki

Quickly deploy the vulnerability documentation from Awesome-POC with docsify

cve docker docsify vulnerability wiki

Last synced: 04 Apr 2025

https://github.com/HummerRisk/HummerRisk

HummerRisk is a cloud-native security platform, covering hybrid-cloud security governance and cloud-native security detection.

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 01 May 2025

https://github.com/s4n7h0/xvwa

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

application-security knowledge learning-appsec mysql php vulnerability xvwa

Last synced: 06 Apr 2025

https://github.com/ossf/cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability

Last synced: 03 Mar 2026

https://github.com/bytedance/appshark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

android compliance static-analysis vulnerability

Last synced: 14 May 2025

https://github.com/1n3/blackwidow

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss

Last synced: 13 Apr 2025

https://github.com/1N3/BlackWidow

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss

Last synced: 30 Mar 2025

https://github.com/dolevf/damn-vulnerable-graphql-application

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

damn-vulnerable damn-vulnerable-web-application exploitation graphql graphql-security penetration-testing security vulnerability

Last synced: 15 May 2025

https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

damn-vulnerable damn-vulnerable-web-application exploitation graphql graphql-security penetration-testing security vulnerability

Last synced: 04 Apr 2025

https://github.com/zema1/watchvuln

A collection and push service for high-value vulnerabilities | Collect valuable vulnerabilities and push them to various services

dingding-bot lark-bot vulnerability vulnerability-analysis wecom-bot

Last synced: 14 May 2025

https://github.com/hummerrisk/hummerrisk

HummerRisk is a cloud-native security platform, covering hybrid-cloud security governance and cloud-native security detection.

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 14 May 2025

https://github.com/intel/cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability

Last synced: 13 May 2025

https://github.com/jeffzh3ng/fuxi

Penetration Testing Platform

penetration-testing pentest-tool security vulnerability

Last synced: 16 May 2025

https://github.com/HASecuritySolutions/VulnWhisperer

Create actionable data from your Vulnerability Scans

elasticsearch elasticstack logstash nessus python qualys vulnerability

Last synced: 02 Apr 2025

https://github.com/aquasecurity/trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

devsecops github-actions scanner scanning security tools vulnerability

Last synced: 01 Apr 2026

https://github.com/nixawk/labs

Vulnerability Labs for security analysis

cve exploit security vulnerability

Last synced: 16 May 2025

https://github.com/vu1nt0tal/iot-vulhub

Reproduction environments for IoT firmware vulnerabilities

docker exploit iot qemu vulnerability

Last synced: 16 May 2025

https://github.com/Vu1nT0tal/IoT-vulhub

Reproduction environments for IoT firmware vulnerabilities

docker exploit iot qemu vulnerability

Last synced: 05 Apr 2025

https://github.com/jxy-s/herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

antivirus antivirus-evasion exploit exploit-development exploit-framework exploitation exploits process-doppelganging process-herpaderping process-hollowing process-migration security security-vulnerability vulnerability windows windows-10 windows-7 windows-defender

Last synced: 16 May 2025

https://github.com/nccgroup/singularity

A DNS rebinding attack framework.

attack dns dns-rebinding iot vulnerability

Last synced: 14 May 2025

https://github.com/topscoder/nuclei-wordfence-cve

The EXCLUSIVE Collection of 50,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

bugbounty cve exploits nuclei nuclei-templates pentesting projectdiscovery scanner security vulnerability vulnerability-scanning wordfence wordpress

Last synced: 15 May 2025

https://github.com/rub-nds/terrapin-scanner

This repository contains a simple vulnerability scanner for the Terrapin attack presented in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

attack cryptography ssh vulnerability vulnerability-scanner

Last synced: 16 May 2025

https://github.com/globocom/secdevlabs

A laboratory for learning secure web and mobile development in a practical manner.

development hacktoberfest hacktoberfest2022 labs owasp-top-10 security training vulnerability

Last synced: 08 Sep 2025

https://github.com/globocom/secDevLabs

A laboratory for learning secure web and mobile development in a practical manner.

development hacktoberfest hacktoberfest2022 labs owasp-top-10 security training vulnerability

Last synced: 29 Apr 2025

https://github.com/pwnesia/dnstake

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

dns go golang nameserver subdomain takeover vulnerability

Last synced: 16 May 2025