
awesome-cve-poc - ✍️ A curated list of CVE PoCs.


A curated list of CVE PoCs. Here is a collection of Proofs of Concept for Common Vulnerabilities and Exposures; you might also want to check out awesome-web-security.

js-vuln-db - A collection of JavaScript engine CVEs with PoCs


A collection of JavaScript engine CVEs with PoCs




Hardware-and-Firmware-Security-Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance

  •    C

This repository provides content for aiding DoD administrators in verifying systems have applied and enabled mitigations for hardware and firmware vulnerabilities such as side-channel and UEFI vulnerabilities. The repository is a companion to NSA Cybersecurity Advisories such as Vulnerabilities Affecting Modern Processors. This repository is updated as new information, research, strategies, and guidance are developed. The following mitigations generally apply to all systems. For specific steps for a particular operating system or vendor product, consult detailed instructions and strategies at Specific Guidance.

CVE-2018-8120 - CVE-2018-8120 Windows LPE exploit

  •    C++

Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64.


nvdcve - NVD/CVE as JSON files


Important: this repository is now partially redundant with the CVEProject/cvelist project, which allows exploring the CVE®/NVD modification history using git as well as submitting new vulnerabilities using GitHub pull requests. However, this repository is still synchronized with the dictionaries so that each vulnerability can be fetched in JSON format. This repository contains JSON files describing vulnerabilities from the NVD and CVE® dictionaries.

sysechk - System Security Checker is a bundle of small shell scripts to assess your computer security

  •    Shell

System Security Checker is a bundle of small shell scripts to assess your computer security. Clone the latest version of sysechk.

ansible-role-cve - Mitigates CVE-2016-5195 aka DirtyCOW

  •    Shell

This role mitigates/patches the defined CVEs. Dirty COW vuln. http://dirtycow.ninja. Defaults to false. This mitigation will need to be run every time the server it has been applied on restarts.

nist-data-mirror - A simple Java command-line utility to mirror the CVE XML and JSON data from NIST.

  •    Java

NIST Data Mirror is a Java command-line utility that mirrors the NVD CPE/CVE XML and JSON data from NIST. The intended purpose of nist-data-mirror is to be able to replicate the NIST vulnerability data inside a company firewall so that local (faster) access to NIST data can be achieved.

PyParser-CVE - Multi source CVE/exploit parser.

  •    Python

PyParser is a vulnerability parser that looks for CVEs from different sources. It employs the Shodan API, has the ability to retrieve and process data from CVE Mitre and comes with functionality to install and use Offensive Security's ExploitDB Searchsploit utility. Start the program from the command line with python cveparser.py. Once the program has been started it will prompt for your Shodan.io API key. Once provided it will prompt to install Searchsploit, which is optional. After these operations a menu will be displayed the options for which are as follows.

malware-research - Samples, research and documents about any kind of malware and misc source which should be released for the public

  •    C

Collection of malware samples, research and guides to understand it and to practice, learn and build mechanisms to defeat it.

cve-check-tool - Original Automated CVE Checking Tool

  •    C

cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. The tool will identify potentially vulnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implementation) if a vulnerability has been addressed by way of a patch. CVEs are only ever potential: due to the various policies of various distributions, and indeed semantics in versioning within various projects, it is expected that the tool may generate false positives.

LinuxFlaw - This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

  •    C

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace. If you encounter problems with keyword "Failed to lock files", you could try to delete any .lck or .lock files or folders in the directory of the problematic VM.

patton-cli - The knife of the Admin & Security auditor

  •    Python

Patton-cli (PC) was born with the objective of being a knife for system admins and security auditors. PC can be filled from many different sources and report in many formats, making it great for scripting.

patton-server - The clever vulnerability dependency finder

  •    Python

Patton Server can resolve any library name to its CPE. It then returns the associated CVEs for this CPE. There are many tasks to do. You can check the Issues and send us a Pull Request.





