OpenVAS - Vulnerability Scanner and Manager

•    C

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It is designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.

OWASP Joomla Vulnerability Scanner Project

•    Perl

Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.

ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization

•    Java

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring Beans/Core (4.x), and Groovy (2.3.x). Later updated to include additional gadget chains for JRE <= 1.7u21 and several other libraries.

botnets - This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

•    C++

Many projects are duplicates or revisions of each other. Many of them have outdated depedencies. My goal is to collectively put them together so that they are compilable and help people interested in malware research analyze them and learn from these samples.

labs - Vulnerability Labs for security analysis

•    Python

Vulnerability Labs for security analysis

vulscan - Advanced vulnerability scanning with Nmap NSE

•    Lua

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.

js-vuln-db - A collection of JavaScript engine CVEs with PoCs

A collection of JavaScript engine CVEs with PoCs

w3af - Web Application Attack and Audit Framework

•    Python

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find Cross site scripting, SQL Injection and lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.

Wapiti - Web application vulnerability scanner / security auditor

•    Python

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate ponctual and permanent XSS vulnerabilities.

IronWASP - Iron Web application Advanced Security testing Platform

•    CSharp

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

VulnWhisperer - Create actionable data from your Vulnerability Scans

•    Python

VulnWhisperer is a vulnerability data and report aggregator. VulnWhisperer will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename and tags all of the information inside the report (see logstash_vulnwhisp.conf file). Data is then shipped to elasticsearch to be indexed. The following instructions should be utilized as a Sample Guide in the absence of an existing ELK Cluster/Node. This will cover a Debian example install guide of a stand-alone node of Elasticsearch & Kibana.

DCEPT - A tool for deploying and detecting use of Active Directory honeytokens

•    Python

DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft Active Directory. Honeytokens are pieces of information intentionally littered on system so they can be discovered by an intruder. The honeytokens are credentials that would only be known by a someone extracting them from memory. A logon attempt using these faux credentials would mean someone was inside the network and is attempting privilege escalation to domain administrator.

Bad-Pdf - Steal Net-NTLM Hash using Bad-PDF

•    Python

Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines, it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener. This method work on all PDF readers(Any version) and java scripts are not required for this attack, most of the EDR/Endpoint solution fail to detect this attack.

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

•    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

external-protocol-flooding - Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

•    TypeScript

The source code of the demo for external protocol flooding vulnerability. Allows arbitrary websites to gather information about installed applications on a victim's computer in order to perform reliable tracking across different desktop browsers. This repository is created for research and educational purposes only. Consider reading the original article about research.

Hardware-and-Firmware-Security-Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance

•    C

This repository provides content for aiding DoD administrators in verifying systems have applied and enabled mitigations for hardware and firmware vulnerabilities such as side-channel and UEFI vulnerabilities. The repository is a companion to NSA Cybersecurity Advisories such as Vulnerabilities Affecting Modern Processors. This repository is updated as new information, research, strategies, and guidance are developed. The following mitigations generally apply to all systems. For specific steps for a particular operating system or vendor product, consult detailed instructions and strategies at Specific Guidance.

DeepFence - Identify vulnerabilities in running containers, images, hosts and repositories

•    Go

Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless. ThreatMapper scans your platforms and identifies pods, containers, applications, and infrastructure. Use ThreatMapper to discover the topology of your applications and attack surface. It obtains manifests of dependencies from running pods and containers, serverless apps, applications, and operating system. ThreatMapper matches these against vulnerability feeds to identify vulnerable components.

PyLoris - Vulnerability test for DOS attack

•    Python

PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

Hacking - hacking is a kind of spirit !

•    Python

hacking is a kind of spirit !

BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website

•    Python

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.