Build software better, together

swisskyrepo / PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

security hacking web-application cheatsheet enumeration penetration-testing bounty vulnerability methodology bugbounty pentest bypass payload payloads hacktoberfest privilege-escalation redteam

Updated Nov 7, 2021
Python

Hacker0x01 / hacker101

Star

Source code for Hacker101.com - a free online web and mobile security class.

education security hacking xss sql-injection vulnerability csrf web-security mobile-security clickjacking hackerone session-fixation hacker101 unchecked-redirects

Updated Sep 27, 2021
SCSS

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

training exploit hackers hacking cybersecurity penetration-testing exploits vulnerability awesome-list video-course hacker vulnerability-management vulnerability-identification vulnerability-scanners vulnerability-assessment ethical-hacking awesome-lists exploit-development ethicalhacking hacking-series

Updated Nov 7, 2021
Jupyter Notebook

aquasecurity / trivy

Star

Open

Remove PodSecurityPolicy in the helm manifest

krol3 commented Oct 18, 2021

Remove PodSecurityPolicy in the helm manifest

helm install trivy . --namespace trivy --create-namespace

W1018 19:47:44.637292   21571 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W1018 19:47:44.745250   21571 warnings.go:70] policy/v1beta1 PodSecurityPolicy is de

pnpm support would be nice

1

Open

Support for AlmaLinux

11

Find more good first issues

chaitin / xray

Star

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

security xss poc vulnerability passive-vulnerability-scanner sqlinjection vulnerability-scanner

Updated Nov 8, 2021
Vue

frohoff / ysoserial

Star

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

java serialization exploit jvm deserialization gadget poc vulnerability javadeser

Updated Sep 13, 2021
Java

infobyte / faraday

Star

Collaborative Penetration Test and Vulnerability Management Platform

security devops chatops security-audit collaboration orchestration nmap penetration-testing vulnerability infosec pentesting collaborative cve nessus vulnerability-management vulnerability-scanners burpsuite security-automation devsecops continuous-scanning

Updated Nov 5, 2021
Python

LandGrey / SpringBootVulExploit

Star

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

rce vulnerability springboot springcloud springboot-actuator-rce spring-boot-vulnerability spring-vulnerability spring-actuator-vulnerability

Updated Mar 10, 2021
Java

KathanP19 / HowToHunt

Star

Tutorials and Things to Do while Hunting Vulnerability.

tutorials vulnerability bugbounty bugbountytips bughunting-methodology

Updated Oct 23, 2021

zhzyker / exphub

Star

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

drupal exploit nexus tomcat poc vulnerability webshell exp weblogic getshell cve-2020-1938 cve-2020-2551 cve-2020-2555 cve-2020-10199 cve-2020-10204 cve-2020-2883 cve-2020-11444 cve-2020-5902 cve-2020-14882

Updated Apr 4, 2021
Python

scipag / vulscan

Star

Advanced vulnerability scanning with Nmap NSE

security security-audit lua exploit lua-script nmap penetration-testing vulnerability vulnerability-databases vulnerability-detection nse vulnerability-identification vulnerability-scanners security-scanner vulnerability-assessment nmap-scripts nsescript nmap-scan-script vulnerability-scanning vulnerability-database-entry

Updated Sep 2, 2021
Lua

tunz / js-vuln-db

Star

A collection of JavaScript engine CVEs with PoCs

javascript vulnerability cve

Updated Sep 3, 2019

goodwithtech / dockle

Sponsor Star

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

go docker kubernetes golang security security-audit containers linter vulnerability security-tools

Updated Nov 3, 2021
Go

Voorivex / pentest-guide

Star

Penetration tests guide based on OWASP including test cases, resources and examples.

penetration-testing vulnerability bugbounty pentest bypass payload writeup owasp-tests

Updated Apr 23, 2021

swisskyrepo / SSRFmap

Sponsor Star

Automatic SSRF fuzzer and exploitation tool

vulnerability ctf pentest exploitation hacktoberfest ssrf server-side-request-forgery ssrfmap

Updated Oct 27, 2021
Python

s4n7h0 / xvwa

Star

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

mysql php knowledge vulnerability application-security xvwa learning-appsec

Updated Sep 12, 2020
PHP

iSafeBlue / TrackRay

Star

vulnerability pentest

Updated Jan 5, 2021
Java

Bo0oM / fuzz.txt

Star

Potentially dangerous files

files list web vulnerability fuzz dirbuster

Updated Jul 8, 2021

c0ny1 / vulstudy

Star

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

vulnerability docker-image-builder

Updated Mar 25, 2020
Shell

hahwul / dalfox

Star

🌘

🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

golang security xss vulnerability bugbounty xss-scanner devsecops cicd-pipeline bugbounty-tool

Updated Oct 27, 2021
Go

lukechilds / reverse-shell

Sponsor Star

Reverse Shell as a Service

microservice reverse-shell exploit prank joke vulnerability pentesting

Updated Oct 20, 2020
JavaScript

greenbone / openvas-scanner

Star

This repository contains the scanner component for Greenbone Vulnerability Management (GVM). If you are looking for the whole OpenVAS framework please take a look at https://community.greenbone.net/t/frequently-asked-questions-faq/5558.

scanner vulnerability openvas vulnerability-detection vulnerability-management vulnerability-scanners vulnerability-assessment gvm greenbone greenbone-vulnerability-management openvas-scanner

Updated Nov 8, 2021
C

anouarbensaad / vulnx

Star

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

bot crawler hacking exploits vulnerability pentest vulnerability-detection vulnerability-assessment information-gathering security-tools cms-detector cloudflare-detection shell-injection vulnerability-exploit website-vulnerability-scanner wp-scanner auto-exploiter dorks detects-vulnerabilities subdomains-gathering

Updated Aug 1, 2021
Python

Lifka / hacking-resources

Star

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

osint tools powershell malware hacking network-monitoring vulnerability hacker gathering social-engineering ethicalhacking

Updated Jun 27, 2021

HASecuritySolutions / VulnWhisperer

Star

Create actionable data from your Vulnerability Scans

python elasticsearch elasticstack logstash vulnerability qualys nessus

Updated Aug 4, 2021
Python

jeffzh3ng / fuxi

Star

Penetration Testing Platform

security penetration-testing vulnerability pentest-tool

Updated May 6, 2021
Python

nixawk / labs

Star

Vulnerability Labs for security analysis

security exploit vulnerability cve

Updated Mar 10, 2021
Python

1N3 / BlackWidow

Star

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Updated Sep 27, 2021
Python

v3n0m-Scanner / V3n0M-Scanner

Star

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Updated Aug 30, 2021
Python

anchore / grype

Star

Open

Docs for using templates should point to view models, not JSON output

2

luhring commented Jun 8, 2021

Our current documentation for using templates points users to the JSON output to learn about what data is available to the template author. This is insufficient, because although it currently describes the correct shape of data, it leaves users guessing at the correct casing for field names.

A better source of truth than the JSON output is the

Extend vulnerability matchers

2

vulnerability

Here are 815 public repositories matching this topic...

swisskyrepo / PayloadsAllTheThings

Hacker0x01 / hacker101

The-Art-of-Hacking / h4cker

aquasecurity / trivy

Remove PodSecurityPolicy in the helm manifest

pnpm support would be nice

Support for AlmaLinux

chaitin / xray

frohoff / ysoserial

infobyte / faraday

LandGrey / SpringBootVulExploit

KathanP19 / HowToHunt

zhzyker / exphub

scipag / vulscan

tunz / js-vuln-db

goodwithtech / dockle

Voorivex / pentest-guide

swisskyrepo / SSRFmap

s4n7h0 / xvwa

iSafeBlue / TrackRay

Bo0oM / fuzz.txt

c0ny1 / vulstudy

hahwul / dalfox

lukechilds / reverse-shell

greenbone / openvas-scanner

anouarbensaad / vulnx

Lifka / hacking-resources

HASecuritySolutions / VulnWhisperer

jeffzh3ng / fuxi

nixawk / labs

1N3 / BlackWidow

v3n0m-Scanner / V3n0M-Scanner

anchore / grype

Docs for using templates should point to view models, not JSON output

Extend vulnerability matchers

Improve this page

Add this topic to your repo