Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A static analysis security vulnerability scanner for Ruby on Rails applications

syzkaller is an unsupervised coverage-guided kernel fuzzer

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Create randomly insecure VMs

🔐 Security advisories as a simple composer exclusion list, regularly updated

Checklist of security precautions for Ruby on Rails applications.

🚗Uber, at your fingertips

kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。

Safety checks your installed dependencies for known security vulnerabilities

Open-Source Security Architecture | 开源安全架构

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

Automatic SQL injection with Charles and sqlmap api

🎯 Command Injection Payload List

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem

hacker, ready for more of our story ! 🚀

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

Find interesting and potentially hazardous commits in git projects

Tracking CVEs for the linux Kernel

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Identify vulnerabilities in running containers, images, hosts and repositories

ROPium is a tool that helps you building ROP exploits by finding and chaining gadgets together

Subdomain takeover vulnerability checker

mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/

HackerOne "in scope" domains

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

☠️ Call of Duty - Vulnerabilities and proof-of-concepts