📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

roadmap hacking penetration-testing post-exploitation vulnerabilities pentest exploitation hacking-tool frameworks information-gathering web-hacking hacktools

Updated Apr 12, 2020

1N3 / Sn1per

Star

Automated pentest framework for offensive security experts

Updated Aug 26, 2020
Shell

Medicean / VulApps

Star

快速搭建各种漏洞环境(Various vulnerability environment)

docker struts vulnerabilities cve vulnhub

Updated Aug 24, 2020
Shell

infoslack / awesome-web-hacking

Star

A list of web application security

scanner hacking penetration-testing web-security vulnerabilities metasploit web-hacking hacking-tools

Updated Sep 3, 2020

RetireJS / retire.js

Star

scanner detecting the use of JavaScript libraries with known vulnerabilities

javascript chrome-extension security scanner grunt-plugins firefox-extension build-tool vulnerabilities software-composition-analysis vulnerable-libraries insecure-libraries

Updated Aug 12, 2020
JavaScript

snyk / snyk

Star

CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies

security monitor vulnerabilities snyk

Updated Sep 3, 2020
TypeScript

lirantal / is-website-vulnerable

Star

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

nodejs security scan vulnerabilities lighthouse security-vulnerabilities

Updated Aug 8, 2020
JavaScript

archerysec / archerysec

Star

Centralize Vulnerability Assessment and Management for DevSecOps Team

devops opensource pentesting vulnerabilities devops-tools scanning vulnerability-management vulnerability-assessment secdevops pentesters devsecops

Updated Aug 27, 2020
HTML

cve-search / cve-search

Star

cve-search - a tool to perform local searches for known vulnerabilities

vulnerabilities cve cpe vulnerability-detection cve-scanning vulnerability-assessment common-vulnerabilities cve-search cve-databases cve-entries

Updated Sep 3, 2020
Python

OWASP / NodeGoat

Star

Open

Migration to bcrypt

5

UlisesGascon commented Aug 6, 2019

Context

This is part of release-1.5 #148
MEDIUM priority task

Tasks

Remove dependency bcrypt-nodejs in package.json
Add dependency bcrypt in package.json
Migrate file app/data/user-dao.js to bcrypt
Validate the instalation with the local test
Add and submit the chang

Upgrade dependencies

1

bt3gl / Pentesting_Toolkit

Star

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

linux cryptography rubber-ducky network reverse-engineering hacking forensics steganography infosec web-security pentesting ctf wargame post-exploitation vulnerabilities iocs botnets malwares gray-hacker-resources

Updated May 19, 2020
C

lirantal / awesome-nodejs-security

Star

Awesome Node.js Security resources

nodejs security owasp cybersecurity infosec web-security vulnerabilities pentest

Updated Aug 16, 2020
JavaScript

anchore / anchore-engine

Star

Open

Add a option to allow the engine update vulnerabilities database through proxy

5

NitroCao commented Nov 11, 2019

Is this a request for help?: Yes

Is this a BUG REPORT or a FEATURE REQUEST? (choose one): FEATURE REQUEST

Can we add a option to allow the engine update vulnerabilities database through specific proxy ser

Feature Request: Scan time to be included in logs

3

Open

TLS configuration for engine services can fail silently

eliasgranderubio / dagda

Star

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

docker security static-analysis vulnerabilities detecting-anomalous-activities malware-detection

Updated Jun 23, 2020
Python

bloodzer0 / ossa

Star

Open-Source Security Architecture | 开源安全架构

security security-audit ids application-security security-vulnerability vulnerabilities ips vulnerability-scanners security-scanner security-tools code-audit business-security

Updated Nov 18, 2019

Matheus-Garbelini / esp32_esp8266_attacks

Star

Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588)

esp8266 esp32 crash vulnerabilities hijack

Updated Sep 8, 2019
C

Cryptogenic / Exploit-Writeups

Star

A collection where my current and future writeups for exploits/CTF will go

capture-the-flag vulnerabilities exploitation exploit-development

Updated Apr 4, 2019

OWASP / railsgoat

Star

A vulnerable version of Rails that follows the OWASP Top 10

ruby rails security ruby-on-rails vulnerabilities appsec owasp-top

Updated Jul 28, 2020
HTML

crytic / not-so-smart-contracts

Star

Examples of Solidity security issues

ethereum solidity vulnerabilities

Updated Apr 24, 2020
Solidity

thesp0nge / dawnscanner

Star

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

ruby rails security sinatra security-audit hanami cybersecurity padrino vulnerabilities codereview

Updated Jul 15, 2019
Ruby

r0hi7 / BinExp

Star

Linux Binary Exploitation

linux tutorial binaries stackoverflow buffer-overflow-attack vulnerabilities exploitation consolidation bufferoverflow heap-exploitation format-string-attack ret2libc shellcode-injector return-to-libc global-offset-table overriding-got got-spawning-shell

Updated Aug 3, 2020
C

skavngr / rapidscan

Star

🎅 The Multi-Tool Web Vulnerability Scanner.

scanner enumeration penetration-testing vulnerabilities kali-linux vulnerability-detection offensive-security vulnerability-management vulnerability-scanners security-scanner vulnerability-assessment web-vulnerabilities-scanner security-tools oscp reconnaissance vulnerability-scanner penetration-testing-framework kali-scripts scanner-web security-scanning

Updated Jul 22, 2020
Python

spencerdodd / kernelpop

Star

kernel privilege escalation enumeration and exploitation framework

security tools kernel enumeration exploits vulnerabilities

Updated Aug 2, 2018
Python

DependencyTrack / dependency-track

Star

Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Updated Sep 3, 2020
Java

kabachook / k8s-security

Star

Kubernetes security notes and best practices

kubernetes checklist security best-practices kubernetes-cluster attacker vulnerabilities kubernetes-security

Updated Apr 24, 2020
Shell

lirantal / npq

Star

🎖safely* install packages with npm or yarn by auditing them as part of your install process

npm security package-manager security-audit command-line-tool vulnerabilities security-tools

Updated Mar 24, 2020
JavaScript

Aug	SEP	Oct
	04
2019	2020	2021

vulnerabilities

Here are 291 public repositories matching this topic...

future-architect / vuls

quay / clair

presidentbeef / brakeman

google / clusterfuzz

sundowndev / hacker-roadmap

1N3 / Sn1per

Medicean / VulApps

infoslack / awesome-web-hacking

RetireJS / retire.js

snyk / snyk

lirantal / is-website-vulnerable

archerysec / archerysec

cve-search / cve-search

OWASP / NodeGoat

Migration to bcrypt

Context

Tasks

Upgrade dependencies

bt3gl / Pentesting_Toolkit

lirantal / awesome-nodejs-security

anchore / anchore-engine

Add a option to allow the engine update vulnerabilities database through proxy

Feature Request: Scan time to be included in logs

TLS configuration for engine services can fail silently

eliasgranderubio / dagda

bloodzer0 / ossa

Matheus-Garbelini / esp32_esp8266_attacks

Cryptogenic / Exploit-Writeups

OWASP / railsgoat

crytic / not-so-smart-contracts

thesp0nge / dawnscanner

r0hi7 / BinExp

skavngr / rapidscan

spencerdodd / kernelpop

DependencyTrack / dependency-track

kabachook / k8s-security

lirantal / npq

Improve this page

Add this topic to your repo