Skip to content
#

cwe

Star

Here are 38 public repositories matching this topic...

Language: All
Filter by language
All 38 Python 11 JavaScript 7 Jupyter Notebook 3 TypeScript 3 Java 2 R 2 C# 1 CSS 1 Rust 1 Shell 1
Sort: Best match
Sort options
Best match Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated
Mobile-Security-Framework-MobSF

MobSF / Mobile-Security-Framework-MobSF

Star 11.6k

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

python rest static-analysis apk owasp dynamic-analysis web-security malware-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing cwe devsecops runtime-security mstg masvs
  • Updated Jul 5, 2022
  • JavaScript
find-sec-bugs

find-sec-bugs / find-sec-bugs

Star 1.9k
Open

Detect usage of Apache BeanUtils as dangerous

2
h3xstream
h3xstream commented Oct 5, 2020

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public
Read more
hacktoberfest good first issue
Find more good first issues

fkie-cad / cwe_checker

Star 680
Open

Add Cutter/Rizin/Radare2 plugins

1
XVilka
XVilka commented Dec 13, 2019

I noticed you have a plugin for Ghidra, but it is not the only one FOSS tool available.
Rizin is a highly-portable cross-platform reverse engineering framework and a toolkit without dependencies. It has support for analyzing binaries, disassembling code, debugging programs, attaching to remote GDB/LLDB, WinDbg servers, rich plugin system (see rz-pm), and in

Read more
enhancement good first issue
vulnrepo

kac89 / vulnrepo

Star 225

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS/Bugcrowd issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, Security report builder.

security angular nmap pci-dss pentesting bugbounty attachments cve nessus openvas vulnerability-management vulnerability-assessment cwe burpsuite end-to-end-encryption vulnerability-report vulnerability-research mitre-attack security-tool security-team vulnr-po
  • Updated Jun 15, 2022
  • TypeScript

jeemok / better-npm-audit

Star 84
Open

Target specific package versions in --module-ignore

1
knightsg
knightsg commented Mar 4, 2022

It would be very handy for us if we could target specific package versions in the --module-ignore flag so that we don't have to come back and manually update our whitelists once we update problematic package versions. For example:

1. We have included package_A v1.2.3.
2. better-npm-audit audit -l high fails because of an issue with a subpackage of package_A v1.2.3.
3. We exclude it using
Read more
enhancement good first issue
Find more good first issues

Improve this page

Add a description, image, and links to the cwe topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the cwe topic, visit your repo's landing page and select "manage topics."

Learn more