Awesome Open Source

Programming Languages

Search results for vulnerability pentesting

vulnerability x

215 search results found

Payloadsallthethings ⭐ 50,977

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

H4cker ⭐ 14,619

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), artificial intelligence, vulnerability research, exploit development, reverse engineering, and more.

Scanners Box ⭐ 7,483

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Gather and update all available and newest CVEs with their PoC.

Awesome Web Hacking ⭐ 4,950

A list of web application security

Allaboutbugbounty ⭐ 4,793

All about bug bounty (bypasses, payloads, and etc)

Reconftw ⭐ 4,700

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Faraday ⭐ 4,192

Open Source Vulnerability Management Platform

Pocsuite3 ⭐ 3,207

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Vulscan ⭐ 2,983

Advanced vulnerability scanning with Nmap NSE

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Awesome Redteam ⭐ 2,672

一个攻防知识仓库

Nettacker ⭐ 2,584

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Awesome Hacking ⭐ 2,570

Awesome hacking is an awesome collection of hacking tools.

Ssrfmap ⭐ 2,306

Automatic SSRF fuzzer and exploitation tool

Awesome Nodejs Security ⭐ 2,292

Awesome Node.js Security resources

Archerysec ⭐ 2,132

Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.

Trackray ⭐ 1,850

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWV

Poc T ⭐ 1,761

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Pentest Guide ⭐ 1,733

Penetration tests guide based on OWASP including test cases, resources and examples.

Vulnx ⭐ 1,711

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Fuxploider ⭐ 1,702

File upload vulnerability scanner and exploitation tool.

Pwndoc ⭐ 1,676

Pentest Report Generator

Reverse Shell ⭐ 1,600

Reverse Shell as a Service

Rapidscan ⭐ 1,489

🆕 The Multi-Tool Web Vulnerability Scanner.

Metlo ⭐ 1,451

Metlo is an open-source API security platform.

Xattacker ⭐ 1,380

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

V3n0m Scanner ⭐ 1,322

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

A Red Teamer Diaries ⭐ 1,294

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Damn Vulnerable Graphql Application ⭐ 1,291

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Penetration Testing Platform

Mutillidae ⭐ 1,015

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

Learn365 ⭐ 1,006

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Swiftnessx ⭐ 848

A cross-platform note-taking & target-tracking app for penetration testers.

Security ⭐ 830

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Scant3r ⭐ 657

ScanT3r - Module based Bug Bounty Automation Tool

Pentesttools ⭐ 650

Awesome Pentest Tools Collection

Jackhammer ⭐ 599

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Injuredandroid ⭐ 563

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Solr Injection ⭐ 559

Apache Solr Injection Research

All in One Recon Tool for Bug Bounty

Awesome Vulnerable ⭐ 555

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Findom Xss ⭐ 487

A fast DOM based XSS vulnerability scanner with simplicity.

Awesome Termux Hacking ⭐ 478

⚡️An awesome list of the best Termux hacking tools

Vehicle Security Toolkit ⭐ 472

汽车/安卓/固件/代码安全测试工具集

Xattackprov30 ⭐ 437

XAttacker Tool PRO V30 Website Vulnerability Scanner & Auto Exploiter

Burp Suite Certified Practitioner Exam Study ⭐ 419

Burp Suite Certified Practitioner Exam Study

Bug Bounty Methodology ⭐ 388

These are my checklists which I use during my hunting.

Reconmap ⭐ 368

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Reconscan ⭐ 324

Network reconnaissance and vulnerability assessment tools.

Vulnrepo ⭐ 323

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management.

Quillaudit_reports ⭐ 304

QuillAudits Smart Contracts, deFi, NFT, tokens,Dao , Dex and DApps Audit Reports

Hacking ⭐ 269

Ha3Mrx Pentesting and Security Hacking

A python tool to check subdomain takeover vulnerability

Awesome Cyber Security ⭐ 255

[Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count, last update time. This is the DRAFT version.

Droid Hunter ⭐ 244

(deprecated) Android application vulnerability analysis and Android pentest tool

Monitoring exploits & references for CVEs

Cervantes ⭐ 215

Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place.

Learn365 ⭐ 207

This repository is about @AnubhavSingh_'s 365 days of Learning Tweets collection.

Linux Soft Exploit Suggester ⭐ 204

Search Exploitable Software on Linux

Pwndoc Ng ⭐ 201

Pentest Report Generator

Hadoop Attack Library ⭐ 200

A collection of pentest tools and resources targeting Hadoop environments

Handbook ⭐ 196

A living document for penetration testing and offensive security.

Phpvuln ⭐ 185

🕸️ Audit tool to find common vulnerabilities in PHP source code

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Nightingale ⭐ 176

It's a Docker Environment for Pentesting which having all the required tool for VAPT.

Inthewilddb ⭐ 166

Hourly updated database of exploit and exploitation reports

Bulwark ⭐ 163

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities. Created based on @ofjaaah and @Jhaddix methodologies

Web Fuzz Wordlists ⭐ 154

Common Web Managers Fuzz Wordlists

vMass Bot :hook: Vulnerability Scanner & Auto Exploiter Tool Written in Perl.

Hackerscave4staticandroidsec ⭐ 142

A comprehensive resource for Android static analysis and vulnerability assessment. Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications.

Mida Multitool ⭐ 140

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Pentest Tools Framework ⭐ 140

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

PAKURI has been merged with Python and launched as a new project, PAKURI-THON.

Kitsec Core ⭐ 136

Ethical hacking, made easy.

Writeups ⭐ 134

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Offensive Dockerfiles ⭐ 132

Offensive tools as Dockerfiles. Lightweight & Ready to go

Scanner And Patcher ⭐ 131

A Web Vulnerability Scanner and Patcher

Vulnplanet ⭐ 123

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

Smtptester ⭐ 123

small python3 tool to check common vulnerabilities in SMTP servers

Vulnerable Flask App ⭐ 121

Erlik 2 - Vulnerable-Flask-App

Cve 2021 21315 Poc ⭐ 121

CVE 2021-21315 PoC

Find Gh Poc ⭐ 117

Find CVE PoCs on GitHub

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Sec Pentesting Toolkit ⭐ 105

👾 𝘁𝗼𝗼𝗹𝘀 𝗳𝗼𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵𝗲𝗿𝘀: 𝗽𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴, 𝗖𝗧𝗙𝘀 & 𝘄𝗮𝗿𝗴𝗮𝗺𝗲𝘀

One stop place for exploiting Jira instances in your proximity

App Sec Wiki ⭐ 88

Files for appsecwiki.com

Firebase ⭐ 85

Exploiting misconfigured firebase databases

In Spectre Meltdown ⭐ 84

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/p

Awesome Web Hacking ⭐ 82

A list of web application security

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

Pastebinmarkdownxss ⭐ 78

XSS in pastebin.com and reddit.com via unsanitized markdown output

ScanPro - NMap Scanning Scripts ~ Network Mapper

White Box Pentesting ⭐ 74

This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities

Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.

| FazScan is a Perl program to do some vulnerability scanning and pentesting |

Related Searches

Security Vulnerability (12,295)

Laravel Vulnerability (11,320)

Php Vulnerability (8,873)

Penetration Testing Pentesting (3,478)

Pentesting Pentest (3,160)

Html Vulnerability (1,813)

Javascript Vulnerability (1,293)

Python3 Vulnerability (1,202)

Python Vulnerability (1,116)

Security Pentesting (749)

1-100 of 215 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2023 Awesome Open Source. All rights reserved.