Build software better, together

swisskyrepo / PayloadsAllTheThings

Sponsor

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

security hacking web-application cheatsheet enumeration penetration-testing bounty vulnerability methodology bugbounty pentest bypass payload payloads hacktoberfest privilege-escalation redteam

Updated May 15, 2022
Python

Hacker0x01 / hacker101

Star

Source code for Hacker101.com - a free online web and mobile security class.

education security hacking xss sql-injection vulnerability csrf web-security mobile-security clickjacking hackerone session-fixation hacker101 unchecked-redirects

Updated May 9, 2022
SCSS

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

training exploit hackers hacking cybersecurity penetration-testing exploits vulnerability awesome-list video-course hacker vulnerability-management vulnerability-identification vulnerability-scanners vulnerability-assessment ethical-hacking awesome-lists exploit-development ethicalhacking hacking-series

Updated May 16, 2022
Jupyter Notebook

chaitin / xray

Star

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

security xss poc vulnerability passive-vulnerability-scanner sqlinjection vulnerability-scanner

Updated May 16, 2022
Vue

frohoff / ysoserial

Star

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

java serialization exploit jvm deserialization gadget poc vulnerability javadeser

Updated May 14, 2022
Java

LandGrey / SpringBootVulExploit

Star

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

rce vulnerability springboot springcloud springboot-actuator-rce spring-boot-vulnerability spring-vulnerability spring-actuator-vulnerability

Updated Mar 10, 2021
Java

KathanP19 / HowToHunt

Star

Tutorials and Things to Do while Hunting Vulnerability.

tutorials vulnerability bugbounty bugbountytips bughunting-methodology

Updated May 2, 2022

infobyte / faraday

Star

Collaborative Penetration Test and Vulnerability Management Platform

security devops chatops security-audit collaboration orchestration nmap penetration-testing vulnerability infosec pentesting collaborative cve nessus vulnerability-management vulnerability-scanners burpsuite security-automation devsecops continuous-scanning

Updated Apr 13, 2022
Python

zhzyker / exphub

Star

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

drupal exploit nexus tomcat poc vulnerability webshell exp weblogic getshell cve-2020-1938 cve-2020-2551 cve-2020-2555 cve-2020-10199 cve-2020-10204 cve-2020-2883 cve-2020-11444 cve-2020-5902 cve-2020-14882

Updated Apr 4, 2021
Python

trickest / cve

Star

Gather and update all available and newest CVEs with their PoC.

security exploit hacking penetration-testing poc vulnerability infosec pentesting vulnerabilities cve software-security red-team security-tools software-vulnerability software-vulnerabilities latest-cve cve-poc

Updated May 16, 2022

scipag / vulscan

Star

Advanced vulnerability scanning with Nmap NSE

security security-audit lua exploit lua-script nmap penetration-testing vulnerability vulnerability-databases vulnerability-detection nse vulnerability-identification vulnerability-scanners security-scanner vulnerability-assessment nmap-scripts nsescript nmap-scan-script vulnerability-scanning vulnerability-database-entry

Updated Mar 11, 2022
Lua

tunz / js-vuln-db

Star

A collection of JavaScript engine CVEs with PoCs

javascript vulnerability cve

Updated Sep 3, 2019

NCSC-NL / log4shell

Star

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

log4j vulnerability cve-2021-44228 log4shell cve-2021-45046 cve-2021-4104 cve-2021-45105

Updated May 15, 2022
Python

goodwithtech / dockle

Sponsor

Star

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

go docker kubernetes golang security security-audit containers linter vulnerability security-tools

Updated Mar 7, 2022
Go

swisskyrepo / SSRFmap

Sponsor

Star

Automatic SSRF fuzzer and exploitation tool

vulnerability ctf pentest exploitation hacktoberfest ssrf server-side-request-forgery ssrfmap

Updated Mar 23, 2022
Python

Voorivex / pentest-guide

Star

Penetration tests guide based on OWASP including test cases, resources and examples.

penetration-testing vulnerability bugbounty pentest bypass payload writeup owasp-tests

Updated Mar 23, 2022

hahwul / dalfox

Star

🌙

🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

golang security xss vulnerability bugbounty xss-scanner xss-detection devsecops xss-exploit xss-bruteforce cicd-pipeline bugbounty-tool

Updated May 13, 2022
Go

greenbone / openvas-scanner

Star

This repository contains the scanner component for Greenbone Vulnerability Management (GVM). If you are looking for the whole OpenVAS framework please take a look at https://community.greenbone.net/t/frequently-asked-questions-faq/5558.

scanner vulnerability openvas vulnerability-detection vulnerability-management vulnerability-scanners vulnerability-assessment gvm greenbone greenbone-vulnerability-management openvas-scanner

Updated May 13, 2022
C

iSafeBlue / TrackRay

Star

vulnerability pentest

Updated Apr 23, 2022
Java

c0ny1 / vulstudy

Star

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

vulnerability docker-image-builder

Updated Mar 25, 2020
Shell

s4n7h0 / xvwa

Star

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

mysql php knowledge vulnerability application-security xvwa learning-appsec

Updated Sep 12, 2020
PHP

lukechilds / reverse-shell

Sponsor

Star

Reverse Shell as a Service

microservice reverse-shell exploit prank joke vulnerability pentesting

Updated Oct 20, 2020
JavaScript

anouarbensaad / vulnx

Star

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

bot crawler hacking exploits vulnerability pentest vulnerability-detection vulnerability-assessment information-gathering security-tools cms-detector cloudflare-detection shell-injection vulnerability-exploit website-vulnerability-scanner wp-scanner auto-exploiter dorks detects-vulnerabilities subdomains-gathering

Updated Mar 30, 2022
Python

Lifka / hacking-resources

Star

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.