Top 23 Vulnerability Open-Source Projects

• PayloadsAllTheThings

  34 56,534 8.6 Python

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

  Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

• trivy

  82 21,222 9.7 Go

  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  

  Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16

  Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec

• InfluxDB

  www.influxdata.com

  sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• h4cker

  4 16,457 9.3 Jupyter Notebook

  This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

  

• hacker101

  11 13,593 1.0 SCSS

  Source code for Hacker101.com - a free online web and mobile security class.

  

  Project mention: How to start hacking ? | /r/Hacking_Tutorials | 2023-05-17

• grype

  55 7,583 9.5 Go

  A vulnerability scanner for container images and filesystems

  

  Project mention: Suas imagens de container não estão seguras! | dev.to | 2024-03-20

• ysoserial

  13 7,259 0.0 Java

  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  Project mention: anybody got ysoserial to work in kali 2022 running java v17? | /r/oscp | 2023-06-24

• awesome-hacker-search-engines

  18 6,641 9.4 Shell

  A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

• WorkOS

  workos.com

  sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• cve

  13 6,049 9.6 HTML

  Gather and update all available and newest CVEs with their PoC.

  

  Project mention: Strange subdomain found during nmap scan | /r/cybersecurity | 2023-12-06

  Did you try using https://trickest.com?

• PoC-in-GitHub

  3 5,928 9.9

  📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

  

  Project mention: How do you stay on top of new vulnerabilities or CVEs? | /r/cybersecurity | 2023-12-07

• HowToHunt

  2 5,563 6.3

  Collection of methodology and test case for various web vulnerabilities.

• awesome-web-hacking

  2 5,415 5.4

  A list of web application security

• AllAboutBugBounty

  3 5,384 3.5

  All about bug bounty (bypasses, payloads, and etc)

  Project mention: How I hacked chess.com with a rookie exploit | news.ycombinator.com | 2024-01-26

  Yeah, pretty close: "On-site request forgery"[0]

  [0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...

• faraday

  8 4,600 5.0 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

• vulscan

  3 3,309 3.4 Lua

  Advanced vulnerability scanning with Nmap NSE

  

  Project mention: Scanning ports and finding network vulnerabilities using nmap | dev.to | 2023-12-01

  Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.

• dalfox

  1 3,260 8.4 Go

  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

• openvas-scanner

  9 2,851 9.3 C

  This repository contains the scanner component for Greenbone Community Edition.

  

  Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

  OpenVAS - https://github.com/greenbone/openvas-scanner

• fuzz.txt

  1 2,788 6.2

  Potentially dangerous files

• dockle

  2 2,643 5.8 Go

  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

  

• command-injection-payload-list

  2 2,582 0.0

  🎯 Command Injection Payload List

  

• pentest-guide

  1 2,348 10.0

  Penetration tests guide based on OWASP including test cases, resources and examples.

• reverse-shell

  1 1,750 2.7 JavaScript

  Reverse Shell as a Service

• bearer

  18 1,720 9.6 Go

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  

  Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26

• hacking-resources

  3 1,705 3.3

  Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

• SaaSHub

  www.saashub.com

  sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Vulnerability related posts

• Suas imagens de container não estão seguras!
  4 projects | dev.to | 20 Mar 2024
• Tell HN: Ubiquiti APs likely vulnerable to Terrapin
  3 projects | news.ycombinator.com | 14 Mar 2024
• Terrapin SSH Attack: An Overview
  1 project | dev.to | 12 Jan 2024
• Distroless images using melange and apko
  8 projects | dev.to | 22 Dec 2023
• Strange subdomain found during nmap scan
  1 project | /r/cybersecurity | 6 Dec 2023
• A folosit cineva până acum Trickest?
  1 project | /r/programare | 5 Dec 2023
• Scanning ports and finding network vulnerabilities using nmap
  2 projects | dev.to | 1 Dec 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 18 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com