Top 23 CVE Open-Source Projects
Collaborative Penetration Test and Vulnerability Management Platform (by infobyte)
Project mention: Recommendation for Vulnerability Management Solution | reddit.com/r/netsecstudents | 2022-04-08
Gather and update all available and newest CVEs with their PoC.
Project mention: PoC available for CVE's | reddit.com/r/AskNetsec | 2022-03-31
https://github.com/trickest/cve this repo might have what you want
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for Linux privilege escalation.
CVE Alerting Platform
Project mention: Is there an open source project for the firewalls advisories | reddit.com/r/cybersecurity | 2022-05-09
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034) (by arthepsy)
Project mention: pkexec (CVE-2021-4034) - local privilege escalation on all versions on Linux | reddit.com/r/blueteamsec | 2022-01-28
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Project mention: Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec - v2.15 of Log4j has an RCE | reddit.com/r/blueteamsec | 2021-12-17
WAF is also playing whackamole given all the ways to bypass simple rules
WebMap-Nmap Web Dashboard and Reporting
Project mention: nmap xsl stylesheet ... but pretty? | reddit.com/r/nmap | 2022-04-13
What kind of info do you need to display? Zenmap can import Nmap scan results and shows the results in several different tabular formats. There are lots of programming language libraries and plugins for loading and processing Nmap results. Ndiff is one for Python 2, but you can usually find one in any language you are comfortable with. Loading the results into a database might be better if you want to be able to produce reports based on the results. Tools like Dradis and WebMap can do this automatically.
Aggregates PoCs and exploits already available on GitHub; CVE information comes from the official CVE website. Auto Collect Poc Or Exp from Github by CVE ID.
Project mention: List of public collections of PoCs on github to learn from 🍻🇺🇸❤ | reddit.com/r/hacking | 2021-12-16
OSINT tool - gets data from services like shodan, censys etc. in one app
Project mention: SARENKA - an OSINT tool that gets data from services like Shodan, censys, etc. in one app | reddit.com/r/hacking | 2022-05-15
https://github.com/pawlaczyk/sarenka There you go Karen
A work-in-progress towards a free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
Project mention: CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337 | reddit.com/r/blueteamsec | 2022-03-28
Vulnerability (CVE) scanner for Nix/NixOS.
Project mention: What Are Your Most Used Self Hosted Applications? | news.ycombinator.com | 2022-05-04
Initially I spent a lot of time as I used it as an opportunity to learn Nix/NixOS. I used Nix intentionally as it's a rolling release and also it's declarative and intended for reproducible deployments, so I don't need to deal with an OS like Ubuntu that slowly gets crufty and out of date and needs a clean-up or upgrade or complete re-install. And if I do need to re-install, it should be mostly a one-liner.
For security there are these scanners:
I also run all services in docker and my network uses VLANs behind an OPNSense firewall. I use Wireguard as a pinch point into my network to access most services. So I'm not too worried about the security aspect.
Upgrading on Nix is pretty easy - just bump your lock file and it will get the latest packages, assuming you are on the unstable channel. But unstable does break on occasion. You can also use the latest stable release of Nix and selectively choose unstable packages, which is probably the way to go. I rarely need to fix anything - it's pretty stable. It only starts eating time when I want to add or upgrade some element to the system, but I always make sure to never do any action that isn't captured in Nix config and backed up, so that I don't have to come back and figure out what exactly I did or how something works again. It's been fine. Nix has a pretty steep learning curve, but considering its power, I think it's absolutely worth it.
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
Project mention: Security Vulnerability Scanning for Scala | reddit.com/r/scala | 2021-05-23
Search an exploit in the local exploitdb database by its CVE
Project mention: How to find information about any type of CVE and use it to exploit against other machines? | reddit.com/r/HowToHack | 2022-03-17
A simple framework for sending test payloads for known web CVEs.
Arch Linux Security Tracker
Project mention: No arch-security emails for 3 months | reddit.com/r/archlinux | 2022-04-10
The project is on github. https://github.com/archlinux/arch-security-tracker/
Spring4Shell - Spring Core RCE - CVE-2022-22965
Check Linux sources dump for known CVEs.
Project mention: Kubernetes Security Checklist 2021 | dev.to | 2021-10-18
It is recommended to regularly update the OS kernel version (CVEhound)
Use this bot to monitor new CVEs containing defined keywords and send alerts to Slack and/or Telegram.
Project mention: Best way to be informed of latest CVE/vulnerabilities ? | reddit.com/r/cybersecurity | 2021-06-09
You could also use this gentleman's amazing work https://github.com/carlospolop/BotPEASS
Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories. (by sickcodes)
An open source software directory and release tracker.
Project mention: Freshmeat.net, 1997-2014 | news.ycombinator.com | 2022-03-07
Freshmeat was really great. I was a consumer and producer of data. I remember well the announcement of the death of Freshmeat.
This is partly why I did Freshermeat. I am operating an instance dedicated to security projects where you can submit projects.
Debian CVE Scanner is a self-contained CVE scanner for Debian distributions written in golang.
Project mention: Debian/Ubuntu changelog?? | reddit.com/r/sysadmin | 2022-01-13
So I wrote a thorough checkmk local check script to report on patch state, and we were able to then pull reports straight out of our monitoring system. You can see a lobotomised version of said script here. When it came time for me to apply the same work to Debian/Ubuntu, I found that ecosystem to be somewhat brutally lacking compared to the RHEL world. You can see in that script that I mention debsecan, and for Ubuntu you'd need to pair it with ust2dsa. What I don't clearly mention in that script, though I hinted at it, is that I was exploring a way to parse Ubuntu's security JSON feeds... and it looks like Canonical started doing that themselves with their in-house cvescan tool. There's also the debcvescan tool for the Debian world.
A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands
CVE related posts
Is there an open source project for the firewalls advisories
1 project | reddit.com/r/cybersecurity | 9 May 2022
nmap xsl stylesheet ... but pretty?
3 projects | reddit.com/r/nmap | 13 Apr 2022
Rage about CVE dataset quality(?)
6 projects | reddit.com/r/cybersecurity | 17 Apr 2022
PoC available for CVE's
2 projects | reddit.com/r/AskNetsec | 31 Mar 2022
Vulnerability News Sources
1 project | reddit.com/r/cybersecurity | 14 Mar 2022
Tool to manage vulnerabilities from different sources?
1 project | reddit.com/r/AskNetsec | 8 Mar 2022
A constantly updated collection of almost every publicly available CVE PoC
1 project | reddit.com/r/redteamsec | 24 Feb 2022
What are some of the best open-source CVE projects? This list will help you: