Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Projects in Awesome Lists tagged with vulnerability

A curated list of projects in awesome lists tagged with vulnerability .

https://github.com/landgrey/spring-boot-upload-file-lead-to-rce-tricks

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

rce spring-boot upload-file vulnerability

Last synced: 11 Jan 2025

https://github.com/LandGrey/spring-boot-upload-file-lead-to-rce-tricks

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

rce spring-boot upload-file vulnerability

Last synced: 21 Nov 2024

https://github.com/metnew/uxss-db

🔪Browser logic vulnerabilities :skull_and_crossbones:

browser cve javascript security vulnerability xss

Last synced: 03 Nov 2024

https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

ES File Explorer Open Port Vulnerability - CVE-2019-6447

cve cve-2019-6447 infosec vulnerability

Last synced: 02 Nov 2024

https://github.com/cr4sh/thinkpwn

Started as arbitrary System Management Mode code execution exploit for Lenovo ThinkPad model line, ended as exploit for industry-wide 0day vulnerability in machines of many vendors

0day exploit firmware intel smm uefi vulnerability

Last synced: 11 Jan 2025

https://github.com/rmb122/rogue_mysql_server

A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

expliot mysql vulnerability

Last synced: 21 Nov 2024

https://github.com/fs0c131y/esfileexploreropenportvuln

ES File Explorer Open Port Vulnerability - CVE-2019-6447

cve cve-2019-6447 infosec vulnerability

Last synced: 03 Nov 2024

https://github.com/hardik05/Damn_Vulnerable_C_Program

An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.

afl dynamorio fuzzing honggfuzz jackalope libafl libfuzzer security tinyinst vulnerabilities vulnerability winafl

Last synced: 21 Nov 2024

https://github.com/Cr4sh/ThinkPwn

Started as arbitrary System Management Mode code execution exploit for Lenovo ThinkPad model line, ended as exploit for industry-wide 0day vulnerability in machines of many vendors

0day exploit firmware intel smm uefi vulnerability

Last synced: 17 Nov 2024

https://github.com/fingerprintjs/external-protocol-flooding

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

browser-fingerprinting exploit fingerprinting identification privacy security vulnerability

Last synced: 11 Jan 2025

https://github.com/arpsyndicate/puncia

The Panthera(P.)uncia of Cybersecurity - Official CLI utility for Subdomain Center & Exploit Observer.

arpsyndicate cyclonedx cyclonedx-sbom exploit sbom sbom-tool subdomain vulnerability

Last synced: 14 Jan 2025

https://github.com/4ra1n/mysql-fake-server

MySQL Fake Server (纯Java实现,支持GUI版和命令行版,提供Dockerfile,支持多种常见JDBC利用)

fake-server jdbc mysql vulnerability web-security

Last synced: 05 Nov 2024

https://github.com/ARPSyndicate/puncia

The Panthera(P.)uncia of Cybersecurity - Official CLI utility for Subdomain Center & Exploit Observer.

arpsyndicate cyclonedx cyclonedx-sbom exploit sbom sbom-tool subdomain vulnerability

Last synced: 05 Nov 2024

https://github.com/security-prince/Application-Security-Engineer-Interview-Questions

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss

Last synced: 08 Nov 2024

https://github.com/taviso/rbndr

Simple DNS Rebinding Service

dns dns-rebinding vulnerability

Last synced: 12 Jan 2025

https://github.com/ossillate-inc/packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners

Last synced: 14 Nov 2024

https://github.com/vulscanteam/vulscan

vulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

exploit-databa exploitation-framework poc pocscan pocscanner scanner-web security-tools sesecurity-vulnerability vulnerability vulnerability-database-entry vulnerability-databases vulnerability-scanners vulnerability-scanning vulscan webscan webscanner

Last synced: 03 Nov 2024

https://github.com/Soulghost/iblessing

iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

exploit ios reverse-engineering scanner vulnerability vulnerability-scanners

Last synced: 09 Nov 2024

https://github.com/hahwul/a2sv

Auto Scanning to SSL Vulnerability

hacking scanner security ssl vulnerability

Last synced: 03 Nov 2024

https://github.com/msuiche/OPCDE

OPCDE Cybersecurity Conference Materials

cybersecurity incident-response information-security vulnerability

Last synced: 03 Nov 2024

https://github.com/jkctech/Telegram-Trilateration

Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location

exploit gps-coordinates gps-location nox nox-player privacy python security telegram vulnerability

Last synced: 09 Nov 2024

https://github.com/xfiftyone/STS2G

Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang

golang golang-application security struts2-exp vulnerability

Last synced: 08 Nov 2024

https://github.com/artsploit/solr-injection

Apache Solr Injection Research

hacking pentest research vulnerability

Last synced: 31 Dec 2024

https://github.com/veracode-research/solr-injection

Apache Solr Injection Research

hacking pentest research vulnerability

Last synced: 03 Nov 2024

https://github.com/frostbits-security/SIET

Smart Install Exploitation Tool

cisco exploit vulnerability

Last synced: 03 Nov 2024

https://github.com/aboutcode-org/vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

cpe cve cvss nvd ossindex osv package-url purl security security-tools snyk vulndb vulnerability vulnerability-database vulnerability-databases vulnerability-detection vulnerability-identification vulnerability-scanners

Last synced: 17 Jan 2025

https://github.com/smartbugs/smartbugs

SmartBugs: A Framework to Analyze Ethereum Smart Contracts

blockchain ethereum solidity vulnerability

Last synced: 31 Oct 2024

https://github.com/joaomatosf/javadeserh2hc

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

deserialization java javadeser jboss jvm lab poc reverse-shell vulnerability

Last synced: 18 Nov 2024

https://github.com/joaomatosf/JavaDeserH2HC

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

deserialization java javadeser jboss jvm lab poc reverse-shell vulnerability

Last synced: 24 Oct 2024

https://github.com/FDlucifer/Proxy-Attackchain

Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization :)

attackchains cve-2021-42321 exchange-server exploit golang proxylogon proxymaybeshell proxynotshell proxyoracle proxyrelay proxyshell proxytoken python-script vulnerability

Last synced: 21 Nov 2024

https://github.com/nix-community/vulnix

Vulnerability (CVE) scanner for Nix/NixOS.

cve nix nixos security vulnerabilities vulnerability

Last synced: 11 Jan 2025

https://github.com/yhy0/jie

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers.(expectations)

apollo-exp crawler jie scan scanner security-copilot shiro-exp vul vulnerability vulnerability-detection vulnerability-exploitation vulnerability-scanners

Last synced: 11 Jan 2025

https://github.com/yhy0/Jie

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers.(expectations)

apollo-exp crawler jie scan scanner security-copilot shiro-exp vul vulnerability vulnerability-detection vulnerability-exploitation vulnerability-scanners

Last synced: 02 Jan 2025

https://github.com/chennqqi/godnslog

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

dnslog rce rfi ssrf vulnerability webscan xss xxe

Last synced: 15 Jan 2025

https://github.com/cr0hn/vulnerable-node

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

analyzer common-vulnerabilities identified-vulnerabilities nodejs security-analyzers vulnerability whitebox

Last synced: 17 Jan 2025

https://github.com/mandiant/fidl

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

api decompiler ida malware research reversing vulnerability

Last synced: 12 Jan 2025

https://github.com/mandiant/FIDL

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

api decompiler ida malware research reversing vulnerability

Last synced: 26 Oct 2024

https://github.com/Threekiii/Vulhub-Reproduce

一个Vulhub漏洞复现知识库

exploit vulnerability

Last synced: 06 Nov 2024

https://github.com/tangxiaofeng7/SecExample

JAVA 漏洞靶场 (Vulnerability Environment For Java)

cors csrf docker fastjson java rce springboot sqlinjection ssrf vulnerability xss-vulnerability

Last synced: 21 Nov 2024

https://github.com/gradejs/gradejs

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

bugbounty bundle bundling javascript npm package-management security-tools vulnerability vulnerability-detection webpack website-security

Last synced: 29 Oct 2024

https://github.com/MyKings/docker-vulnerability-environment

Use the docker to build a vulnerability environment

docker vulnerability

Last synced: 19 Nov 2024

https://github.com/mykings/docker-vulnerability-environment

Use the docker to build a vulnerability environment

docker vulnerability

Last synced: 16 Jan 2025

https://github.com/flankerhqd/JAADAS

Joint Advanced Defect assEsment for android applications

android-applications inter-procedure-analysis soot static-analysis vulnerability

Last synced: 27 Oct 2024

https://github.com/TeraSecTeam/ary

Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。

automation penetration-testing pentest poc sqlinjection vulnerability vulnerability-scanners xss

Last synced: 21 Nov 2024

https://github.com/dzonerzy/goWAPT

Go Web Application Penetration Test

fuzzer hack injection scan-fuzzing sql tool vulnerability wapt wfuzz wordlist xss

Last synced: 21 Nov 2024

https://github.com/tonybaloney/pycharm-security

Finds security holes in your Python projects from PyCharm and GitHub

devsecops hacktoberfest-accepted security security-automation static-analysis vulnerability

Last synced: 11 Jan 2025

https://github.com/mudongliang/linuxflaw

The vm images in this repo are lost, we recommend our new project: https://github.com/hust-open-atom-club/S2VulnHub

cve edb linux reproduction vulnerability

Last synced: 11 Jan 2025

https://github.com/rezasp/vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

exploit owasp vbscan vbulletin vulnerability vulnerability-scanners

Last synced: 31 Dec 2024

https://github.com/OWASP/vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

exploit owasp vbscan vbulletin vulnerability vulnerability-scanners

Last synced: 03 Nov 2024

https://github.com/tongchengbin/ocean_ctf

CTF平台 支持docker 动态部署题目、分数统计、作弊检测,静态题目,漏洞复现,ctf platform,

ctf docker flask platform vulnerability

Last synced: 21 Nov 2024

https://github.com/jfrog/frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖

action artifactory bot github-actions go gradle jfrog jfrog-xray maven npm python vulnerability

Last synced: 18 Jan 2025

https://github.com/GoSecure/php7-opcache-override

Security-related PHP7 OPcache abuse tools and demo

opcache php7 poc vulnerability

Last synced: 10 Nov 2024

https://github.com/gosecure/php7-opcache-override

Security-related PHP7 OPcache abuse tools and demo

opcache php7 poc vulnerability

Last synced: 14 Jan 2025

https://github.com/hahwul/droid-hunter

(deprecated) Android application vulnerability analysis and Android pentest tool

android hacking scanner security vulnerability

Last synced: 30 Oct 2024

https://github.com/Wack0/CVE-2022-21894

baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability

cve-2022-21894 cve-2023-24932 poc secure-boot uefi vulnerability windows-boot

Last synced: 18 Nov 2024

https://github.com/CervantesSec/cervantes

Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.

audit burpsuite collaboration collaboration-platform collaborative cve hacking nessus nmap penetration-testing penetration-testing-tools pentesters pentesting red-team red-teaming report reporting security vulnerability vulnerability-management

Last synced: 21 Nov 2024

https://github.com/greenbone/gvmd

Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition

backend c extended gea greenbone openvas openvas-manager vulnerability vulnerability-management vulnerability-scanners

Last synced: 12 Jan 2025

https://github.com/ajinabraham/droid-application-fuzz-framework

Android application fuzzing framework with fuzzers and crash monitor.

android browser corruption crash exploitation fuzzing memory pdf vulnerability

Last synced: 15 Jan 2025

https://github.com/ajinabraham/Droid-Application-Fuzz-Framework

Android application fuzzing framework with fuzzers and crash monitor.

android browser corruption crash exploitation fuzzing memory pdf vulnerability

Last synced: 13 Nov 2024

https://github.com/slowmist/papers

SlowMist Vulnerability Research Advisories

advisories blockchain security vulnerability

Last synced: 24 Dec 2024

https://github.com/charmve/ble-security-attack-defence

✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

ble ble-security bluefuzz bluetooth-fuzz bluetooth-le bluetooth-low-energy bluetooth-stack bluetoothle fuzzing hacking reverse reverse-proxy stack vulnerability wireless

Last synced: 14 Jan 2025

https://github.com/Charmve/BLE-Security-Attack-Defence

✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

ble ble-security bluefuzz bluetooth-fuzz bluetooth-le bluetooth-low-energy bluetooth-stack bluetoothle fuzzing hacking reverse reverse-proxy stack vulnerability wireless

Last synced: 21 Nov 2024

https://github.com/logicalhacking/dvhma

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

android cordova vulnerability vulnerable-application

Last synced: 16 Jan 2025

https://github.com/logicalhacking/DVHMA

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

android cordova vulnerability vulnerable-application

Last synced: 30 Oct 2024

https://github.com/cr4sh/fwexpl

PC firmware exploitation tool and library

exploit firmware framework hvci intel kernel lenovo smm uefi vbs vulnerability windows

Last synced: 15 Jan 2025

https://github.com/GeoSn0w/Myriam

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

app infosec ios research vulnerability

Last synced: 14 Nov 2024

https://github.com/Cr4sh/fwexpl

PC firmware exploitation tool and library

exploit firmware framework hvci intel kernel lenovo smm uefi vbs vulnerability windows

Last synced: 18 Nov 2024

https://github.com/yqcs/prismx

:: 棱镜 X · 一体化的轻量型跨平台渗透系统

appscan awvs exp nessus nuclei poc vulnerability

Last synced: 16 Jan 2025

https://github.com/karimhabush/cyberowl

A daily updated summary of the most frequent types of security advisories currently being reported from different sources.

cisa cve security security-alerts vulnerability

Last synced: 08 Nov 2024

https://github.com/theLSA/burp-unauth-checker

burpsuite extension for check unauthorized vulnerability

burp-plugin burpsuite checker unauthenticated vulnerability

Last synced: 21 Nov 2024

https://github.com/fuzzitdev/fuzzit

CLI to integrate continuous fuzzing with Fuzzit (no longer available)

fuzz-testing fuzzing fuzzit security vulnerability

Last synced: 21 Nov 2024

https://github.com/Vu1nT0tal/firmeye

IoT固件漏洞挖掘工具

ida iot vulnerability

Last synced: 02 Jan 2025