Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Updated Aug 15, 2021 - Shell
Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
A static analysis security vulnerability scanner for Ruby on Rails applications
syzkaller is an unsupervised coverage-guided kernel fuzzer
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Create randomly insecure VMs
Checklist of security precautions for Ruby on Rails applications.
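kunpeng is an open-source POC framework/library written in Golang. It is provided as a dynamic link library that can be called from various languages, and it lets you quickly develop vulnerability-detection systems.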
Safety checks your installed dependencies for known security vulnerabilities
Open-Source Security Architecture
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
Automatic SQL injection with Charles and sqlmap api
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
Identify vulnerabilities in running containers, images, hosts and repositories
hacker, ready for more of our story!
Tracking CVEs for the Linux kernel
A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.
Subdomain takeover vulnerability checker
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Find interesting and potentially hazardous commits in git projects
ROPium is a tool that helps you build ROP exploits by finding and chaining gadgets together
mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/
HackerOne "in scope" domains
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more, which you can see in Features in tools.
Feature request
Is your feature request related to a problem? Please describe
The analysis.py script provides just one confidence interval: 95%. While that is related to the 2-sigma interval of normal distribution, so in theory allows for easy estimation of bigger confidence intervals (like 3, 4, 5-sigma), it assumes a normal distribution, which the differences don't follow, and may be