vulnerability

There are 155 repositories under vulnerability topic.

PayloadsAllTheThings
swisskyrepo / PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
pentest payload bypass web-application hacking vulnerability bounty methodology privilege-escalation penetration-testing cheatsheet security enumeration bugbounty redteam payloads hacktoberfest
Language:Python 57163
aquasecurity / trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
security security-tools docker containers vulnerability-scanners vulnerability-detection vulnerability golang go kubernetes hacktoberfest devsecops misconfiguration infrastructure-as-code iac
Language:Go 21553
h4cker
The-Art-of-Hacking / h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
hacking penetration-testing hacking-series cybersecurity ethical-hacking hacker exploit exploits exploit-development vulnerability vulnerability-assessment vulnerability-management vulnerability-identification awesome-lists awesome-list training hackers ai artificial-intelligence ai-security
Language:Jupyter Notebook 16735
Hacker0x01 / hacker101
Source code for Hacker101.com - a free online web and mobile security class.
clickjacking csrf education hacker101 hackerone hacking mobile-security security session-fixation sql-injection unchecked-redirects vulnerability web-security xss
Language:SCSS 13615
xray
chaitin / xray
一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
security vulnerability vulnerability-scanner passive-vulnerability-scanner xss sqlinjection poc
Language:Vue 9719
grype
anchore / grype
A vulnerability scanner for container images and filesystems
containers security vulnerability docker golang go static-analysis container-image tool oci cyclonedx vulnerabilities hacktoberfest openvex vex
Language:Go 7857
ysoserial
frohoff / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
deserialization exploit gadget java javadeser jvm poc serialization vulnerability
Language:Java 7347
edoardottt / awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
awesome awesome-list hacking search-engine osint awesome-lists dns hacking-tools exploit security security-tools vulnerability wifi-network bugbounty osint-tool vulnerabilities redteam redteaming cve hacktoberfest
Language:Shell 6747
trickest / cve
Gather and update all available and newest CVEs with their PoC.
cve cve-poc exploit hacking infosec latest-cve penetration-testing pentesting poc red-team security security-tools software-security software-vulnerabilities software-vulnerability vulnerabilities vulnerability
Language:HTML 6123
nomi-sec / PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
cve exploit poc security vulnerability
6004
KathanP19 / HowToHunt
Collection of methodology and test case for various web vulnerabilities.
vulnerability tutorials bughunting-methodology bugbounty bugbountytips
5608
LandGrey / SpringBootVulExploit
SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
springboot springboot-actuator-rce rce spring-boot-vulnerability springcloud spring-vulnerability vulnerability spring-actuator-vulnerability
Language:Java 5541
infoslack / awesome-web-hacking
A list of web application security
penetration-testing web-hacking vulnerabilities scanner hacking hacking-tools metasploit web-security appsec owasp pentesting security vulnerability
5453
daffainfo / AllAboutBugBounty
All about bug bounty (bypasses, payloads, and etc)
bugbounty bugbountytips bypass payloads reconnaissance bug hacking security payload penetration-testing vulnerability infosec pentest
5438
infobyte / faraday
Open Source Vulnerability Management Platform
devops penetration-testing vulnerability vulnerability-scanners security security-audit pentesting continuous-scanning infosec vulnerability-management collaboration burpsuite nessus nmap devsecops security-automation orchestration cve appsec cybersecurity
Language:Python 4638
zhzyker / exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
weblogic tomcat exploit poc vulnerability exp webshell drupal getshell nexus cve-2020-10199 cve-2020-2555 cve-2020-11444 cve-2020-10204 cve-2020-1938 cve-2020-2883 cve-2020-2551 cve-2020-5902 cve-2020-14882
Language:Python 4030
scipag / vulscan
Advanced vulnerability scanning with Nmap NSE
vulnerability vulnerability-scanners vulnerability-detection vulnerability-identification vulnerability-assessment security security-audit security-scanner penetration-testing nmap nmap-scripts exploit vulnerability-scanning vulnerability-databases vulnerability-database-entry nmap-scan-script nse nsescript lua lua-script
Language:Lua 3337
dalfox
hahwul / dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
xss security bugbounty bugbounty-tool golang xss-scanner devsecops cicd-pipeline vulnerability xss-detection xss-bruteforce xss-exploit
Language:Go 3330
greenbone / openvas-scanner
This repository contains the scanner component for Greenbone Community Edition.
c foo greenbone greenbone-community-edition greenbone-vulnerability-management gvm openvas openvas-scanner scanner techops vulnerability vulnerability-assessment vulnerability-detection vulnerability-management vulnerability-scanners
Language:C 2922
Bo0oM / fuzz.txt
Potentially dangerous files
dirbuster files fuzz list vulnerability web
2794
swisskyrepo / SSRFmap
Automatic SSRF fuzzer and exploitation tool
ssrf server-side-request-forgery exploitation vulnerability ssrfmap pentest ctf hacktoberfest
Language:Python 2779
payloadbox / command-injection-payload-list
🎯 Command Injection Payload List
command-injection injection security-vulnerability vulnerability payload-list payload os-injection command os unix linux windows macos application application-security bugbounty security security-research vulnerability-research security-testing
2669
goodwithtech / dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
containers docker go golang kubernetes linter security security-audit security-tools vulnerability
Language:Go 2661
pentest-guide
Voorivex / pentest-guide
Penetration tests guide based on OWASP including test cases, resources and examples.
pentest bugbounty owasp-tests penetration-testing vulnerability payload bypass writeup
2378
tunz / js-vuln-db
A collection of JavaScript engine CVEs with PoCs
cve javascript vulnerability
2262
c0ny1 / vulstudy
使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。
docker-image-builder vulnerability
Language:Shell 2122
Az0x7 / vulnerability-Checklist
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
bugbounty security sqlinjection vulnerability vulnerability-checklist web-vulnerability
2087
iSafeBlue / TrackRay
溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）
pentest vulnerability
Language:Java 1996
NCSC-NL / log4shell
Operational information regarding the log4shell vulnerabilities in the Log4j logging library.
cve-2021-44228 log4j cve-2021-45046 cve-2021-45105 log4shell vulnerability cve-2021-4104
Language:Python 1892
anouarbensaad / vulnx
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
crawler information-gathering cms-detector cloudflare-detection bot pentest wp-scanner auto-exploiter vulnerability hacking website-vulnerability-scanner security-tools vulnerability-assessment vulnerability-exploit vulnerability-detection shell-injection detects-vulnerabilities exploits dorks subdomains-gathering
Language:Python 1827
lukechilds / reverse-shell
Reverse Shell as a Service
exploit joke microservice pentesting prank reverse-shell vulnerability
Language:JavaScript 1792
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 1771
HummerRisk / HummerRisk
HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。
cloud-custodian cloud-native prowler security sbom cloud-native-security cspm k8s-security kubernetes-security trivy compliance compliance-as-code vulnerability
Language:Java 1753
0x727 / SpringBootExploit
项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。
spring springboot vul vulnerability exploit exp
Language:Java 1732
Lifka / hacking-resources
Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
ethicalhacking gathering hacker hacking malware network-monitoring osint powershell social-engineering tools vulnerability
1720
ihebski / A-Red-Teamer-diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
pentesting redteam security-tools exploit active-directory vulnerability penetration-testing tools hacking script lateral-movement meterpreter privilege-escalation crackmapexec mimikatz cybersecurity enumeration engagement metasploit nmap
1673