vulnerability

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Source code for Hacker101.com - a free online web and mobile security class.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Collaborative Penetration Test and Vulnerability Management Platform

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Tutorials and Things to Do while Hunting Vulnerability.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Advanced vulnerability scanning with Nmap NSE

A collection of JavaScript engine CVEs with PoCs

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Penetration tests guide based on OWASP including test cases, resources and examples.

Automatic SSRF fuzzer and exploitation tool

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Potentially dangerous files

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Reverse Shell as a Service

This repository contains the scanner component for Greenbone Vulnerability Management (GVM). If you are looking for the whole OpenVAS framework please take a look at https://community.greenbone.net/t/frequently-asked-questions-faq/5558.

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

Create actionable data from your Vulnerability Scans

Penetration Testing Platform

Vulnerability Labs for security analysis

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

SQL Vulnerability Scanner

The Correlated CVE Vulnerability And Threat Intelligence Database API