is-website-vulnerable

is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript

JavaScript1927apache-2.0

last year

hacktoberfestlighthousenodejs

cicd-goat

cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multip

Python1926apache-2.0

4 months ago

appseccicdctf

InsecureShop

An Intentionally designed Vulnerable Android Application built in Kotlin.

Kotlin227mit

3 years ago

trommel

TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Ind

Python204other

4 years ago

cwe_checker

cwe_checker

cwe_checker finds vulnerable patterns in binary executables

Rust1117lgpl-3.0

3 months ago

binary-analysiscwecwe-checker

Vuldroid

Vuldroid

Vuldroid is a Vulnerable Android Application made with security issues in order

Java59mit

3 years ago

android-applicationandroid-securityapplication-security

cloudgoat

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Python2832bsd-3-clause

5 months ago

ruby-advisory-db

A database of vulnerable Ruby Gems

Ruby1020other

6 days ago

advisory-fileshacktoberfestmetadata

terragoat

terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat

HCL1126apache-2.0

4 months ago

aws-securityazure-securitycloud-security

RVD

RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Python168gpl-3.0

5 months ago

bountybugcybersecurity

AndroBugs_Framework

AndroBugs_Framework

AndroBugs Framework is an efficient Android vulnerability scanner that helps dev

Python1118gpl-3.0

6 years ago

Shellshock-Vulnerability-Scan

Android app to scan for bash Vulnerability - CVE-2014-6271 also known as Shellsh

Java11gpl-2.0

3 years ago

nmap-vulners

nmap-vulners

NSE script based on Vulners.com API

Lua3229gpl-3.0

8 months ago

cfngoat

cfngoat

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoa

92

4 months ago

aws-securitycloudformationcloudsecurity

Android-InsecureBankv2

Vulnerable Android application for developers and security enthusiasts to learn

Java1218mit

7 months ago

diva-android

DIVA Android - Damn Insecure and vulnerable App for Android

Java937gpl-3.0

2 years ago

Awesome-Fuzzing

A curated list of fuzzing resources ( Books, courses - free and paid, videos, to

5215cc0-1.0

8 months ago

awesomeawesome-listfuzzing

kubernetes-goat

kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and pra

HTML4189mit

4 months ago

blueteamcloud-nativecloud-security

weblogic_honeypot

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the

Python31mit

5 years ago

deceptionexecution-vulnerabilityhoneypot

grype

grype

A vulnerability scanner for container images and filesystems

Go8302apache-2.0

3 months ago

container-imagecontainerscyclonedx

android-vts

android-vts

Android Vulnerability Test Suite - In the spirit of open data collection, and wi

Java1015other

5 years ago

Firmware_Slap

Firmware_Slap

Discovering vulnerabilities in firmware through concolic analysis and function c

Python468gpl-3.0

4 years ago

angrexploitfirmware

ciscoasa_honeypot

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-

JavaScript51mit

6 years ago

ciscocisco-asaexecution-vulnerability

flawfinder

a static analysis tool for finding vulnerabilities in C/C++ source code

Python471gpl-2.0

4 months ago

gql_intruder

A plugin based GraphQL vulnerability assessment tool.

Python13mit

4 years ago

graphqlgraphql-securitypentest-tool

data7

data7

A vulnerability patch gathering tool

Java40apache-2.0

6 years ago

Raccoon

Raccoon

A high performance offensive security tool for reconnaissance and vulnerability

Python3050mit

6 months ago

enumerationfuzzinghacking

a2sv

a2sv

Auto Scanning to SSL Vulnerability

Python617mit

4 years ago

hackingscannersecurity

scanner-cli

scanner-cli

A project security/vulnerability/risk scanning tool

JavaScript358other

3 years ago

cidockernodejs

amthoneypot

Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689

Go16

9 months ago

insider

insider

Static Application Security Testing (SAST) engine focused on covering the OWASP

Go511mit

3 years ago

androidandroid-securitycli

DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects p

Java6399apache-2.0

24 days ago

ant-taskbuild-toolgradle-plugin

qark

Tool to look for several security related Android application vulnerabilities

Python3200other

10 months ago

mana-security-app

macOS vulnerability management for individuals

JavaScript22mit

2 years ago

cybersecurityelectronmacos

infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the c

C#732mit

10 months ago

brakeman

brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

Ruby6944other

4 months ago

brakemanrailsruby

Log4Pot

A honeypot for the Log4Shell vulnerability (CVE-2021-44228).

Python89gpl-3.0

3 years ago

pgspot

Spot vulnerabilities in postgres SQL scripts

Python68postgresql

7 days ago

SpecFuzz

A tool to enable fuzzing for Spectre vulnerabilities

C++30other

5 years ago

trivy

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes

Go23744apache-2.0

yesterday

containersdevsecopsdocker

Artemis

Artemis

A modular vulnerability scanner with automatic report generation capabilities.

Python493bsd-3-clause

3 months ago

artemispentestingsecurity

scap-rs

scap-rs

National Vulnerability Database (NVD) implemented by rust

Rust16gpl-3.0

18 days ago

actix-webcpecve

uxss-db

🔪Browser logic vulnerabilities :skull_and_crossbones:

HTML685mit

4 years ago

browsercvejavascript

nuclei

nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Go18930mit

3 months ago

attack-surfacecve-scannerhacktoberfest

clair

clair

Vulnerability Static Analysis for Containers

Go10367apache-2.0

3 days ago

claircontainersdocker

retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Ca

JavaScript3604other

4 months ago

build-toolchrome-extensionfirefox-extension

vulscan

vulscan

Advanced vulnerability scanning with Nmap NSE

Lua3482other

2 months ago

exploitlualua-script

sbt-dependency-check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if th

Scala263apache-2.0

5 months ago

appseccvedevops

inql

inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing,

Python1540apache-2.0

5 months ago

api-documentation-toolbugbountybugbounty-tool

dagda

dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, ma

Python1159apache-2.0

2 years ago

detecting-anomalous-activitiesdockermalware-detection

tsunami-security-scanner

Tsunami is a general purpose network security scanner with an extensible plugin

Java8278apache-2.0

2 months ago

xss-payload-list

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

5992mit

4 months ago

bugbountycross-site-scriptingdom-based

phonito-scanner-action

Free Docker Vulnerability Scanning for CI/CD integration

JavaScript31

last year

puma-scan

puma-scan

Puma Scan is a software security Visual Studio extension that provides real time

C#443mpl-2.0

2 years ago

quark-engine

quark-engine

Dig Vulnerabilities in the BlackBox

Python1263gpl-3.0

3 months ago

androidblackboxblackbox-testing

awesome-buggy-erc20-tokens

awesome-buggy-erc20-tokens

A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected

Python608cc0-1.0

9 months ago

awesomeawesome-listdapp

security-code-scan

security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

C#944lgpl-3.0

4 months ago

analysisanalyzercode

actions

actions

A set of GitHub actions for checking your projects for vulnerabilities

HTML508other

3 months ago

actionssnyk

awesome-security-newsletters

Periodic cyber security newsletters that capture the latest news, summaries of c

806gpl-2.0

9 months ago

cybersecuritynewsletter

rugby-board-node

Deprecate due to vulnerabilities in dependencies. Rugby News Board built with No

JavaScript7mit

5 years ago

herokunodejspreact

checkov

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in in

Python7139apache-2.0

yesterday

awsaws-securityazure

kics

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigur

Open Policy Agent2097apache-2.0

2 days ago

appseccloudnativedevsecops

roca

ROCA: Infineon RSA key vulnerability

Python481mit

last year

detectordiscrete-logarithmfingerprinting

phpcs-security-audit

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilitie

PHP706gpl-3.0

2 years ago

phpphp-codesnifferphpcs

is-website-vulnerable

is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript

JavaScript1927apache-2.0

last year

hacktoberfestlighthousenodejs

cicd-goat

cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multip

Python1926apache-2.0

4 months ago

appseccicdctf

InsecureShop

An Intentionally designed Vulnerable Android Application built in Kotlin.

Kotlin227mit

3 years ago

ovaa

Oversecured Vulnerable Android App

Java615bsd-2-clause

4 months ago

android-securityappsecmobile-security

wrongsecrets

wrongsecrets

Vulnerable app with examples showing how to not use secrets

Java1188agpl-3.0

3 months ago

awsazurectf

trommel

TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Ind

Python204other

4 years ago

cwe_checker

cwe_checker

cwe_checker finds vulnerable patterns in binary executables

Rust1117lgpl-3.0

3 months ago

binary-analysiscwecwe-checker

Vuldroid

Vuldroid

Vuldroid is a Vulnerable Android Application made with security issues in order

Java59mit

3 years ago

android-applicationandroid-securityapplication-security

cloudgoat

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Python2832bsd-3-clause

5 months ago

ruby-advisory-db

A database of vulnerable Ruby Gems

Ruby1020other

6 days ago

advisory-fileshacktoberfestmetadata

terragoat

terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat

HCL1126apache-2.0

4 months ago

aws-securityazure-securitycloud-security

RVD

RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Python168gpl-3.0

5 months ago

bountybugcybersecurity

AndroBugs_Framework

AndroBugs_Framework

AndroBugs Framework is an efficient Android vulnerability scanner that helps dev

Python1118gpl-3.0

6 years ago

nmap-vulners

nmap-vulners

NSE script based on Vulners.com API

Lua3229gpl-3.0

8 months ago

cfngoat

cfngoat

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoa

92

4 months ago

aws-securitycloudformationcloudsecurity

Android-InsecureBankv2

Vulnerable Android application for developers and security enthusiasts to learn

Java1218mit

7 months ago

Awesome-Fuzzing

A curated list of fuzzing resources ( Books, courses - free and paid, videos, to

5215cc0-1.0

8 months ago

awesomeawesome-listfuzzing

kubernetes-goat

kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and pra

HTML4189mit

4 months ago

blueteamcloud-nativecloud-security

weblogic_honeypot

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the

Python31mit

5 years ago

deceptionexecution-vulnerabilityhoneypot

grype

grype

A vulnerability scanner for container images and filesystems

Go8302apache-2.0

3 months ago

container-imagecontainerscyclonedx

Firmware_Slap

Firmware_Slap

Discovering vulnerabilities in firmware through concolic analysis and function c

Python468gpl-3.0

4 years ago

angrexploitfirmware

ciscoasa_honeypot

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-

JavaScript51mit

6 years ago

ciscocisco-asaexecution-vulnerability

flawfinder

a static analysis tool for finding vulnerabilities in C/C++ source code

Python471gpl-2.0

4 months ago

gql_intruder

A plugin based GraphQL vulnerability assessment tool.

Python13mit

4 years ago

graphqlgraphql-securitypentest-tool

data7

data7

A vulnerability patch gathering tool

Java40apache-2.0

6 years ago

Raccoon

Raccoon

A high performance offensive security tool for reconnaissance and vulnerability

Python3050mit

6 months ago

enumerationfuzzinghacking

a2sv

a2sv

Auto Scanning to SSL Vulnerability

Python617mit

4 years ago

hackingscannersecurity

scanner-cli

scanner-cli

A project security/vulnerability/risk scanning tool

JavaScript358other

3 years ago

cidockernodejs

amthoneypot

Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689

Go16

9 months ago

insider

insider

Static Application Security Testing (SAST) engine focused on covering the OWASP

Go511mit

3 years ago

androidandroid-securitycli

DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects p

Java6399apache-2.0

24 days ago

ant-taskbuild-toolgradle-plugin

qark

Tool to look for several security related Android application vulnerabilities

Python3200other

10 months ago

infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the c

C#732mit

10 months ago

brakeman

brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

Ruby6944other

4 months ago

brakemanrailsruby

Log4Pot

A honeypot for the Log4Shell vulnerability (CVE-2021-44228).

Python89gpl-3.0

3 years ago

pgspot

Spot vulnerabilities in postgres SQL scripts

Python68postgresql

7 days ago

SpecFuzz

A tool to enable fuzzing for Spectre vulnerabilities

C++30other

5 years ago

trivy

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes

Go23744apache-2.0

yesterday

containersdevsecopsdocker

Artemis

Artemis

A modular vulnerability scanner with automatic report generation capabilities.

Python493bsd-3-clause

3 months ago

artemispentestingsecurity

scap-rs

scap-rs

National Vulnerability Database (NVD) implemented by rust

Rust16gpl-3.0

18 days ago

actix-webcpecve

uxss-db

🔪Browser logic vulnerabilities :skull_and_crossbones:

HTML685mit

4 years ago

browsercvejavascript

nuclei

nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Go18930mit

3 months ago

attack-surfacecve-scannerhacktoberfest

clair

clair

Vulnerability Static Analysis for Containers

Go10367apache-2.0

3 days ago

claircontainersdocker

retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Ca

JavaScript3604other

4 months ago

build-toolchrome-extensionfirefox-extension

vulscan

vulscan

Advanced vulnerability scanning with Nmap NSE

Lua3482other

2 months ago

exploitlualua-script

sbt-dependency-check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if th

Scala263apache-2.0

5 months ago

appseccvedevops

inql

inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing,

Python1540apache-2.0

5 months ago

api-documentation-toolbugbountybugbounty-tool

dagda

dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, ma

Python1159apache-2.0

2 years ago

detecting-anomalous-activitiesdockermalware-detection

tsunami-security-scanner

Tsunami is a general purpose network security scanner with an extensible plugin

Java8278apache-2.0

2 months ago

xss-payload-list

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

5992mit

4 months ago

bugbountycross-site-scriptingdom-based

phonito-scanner-action

Free Docker Vulnerability Scanning for CI/CD integration

JavaScript31

last year

puma-scan

puma-scan

Puma Scan is a software security Visual Studio extension that provides real time

C#443mpl-2.0

2 years ago

quark-engine

quark-engine

Dig Vulnerabilities in the BlackBox

Python1263gpl-3.0

3 months ago

androidblackboxblackbox-testing

awesome-buggy-erc20-tokens

awesome-buggy-erc20-tokens

A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected

Python608cc0-1.0

9 months ago

awesomeawesome-listdapp

security-code-scan

security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

C#944lgpl-3.0

4 months ago

analysisanalyzercode

actions

actions

A set of GitHub actions for checking your projects for vulnerabilities

HTML508other

3 months ago

actionssnyk

awesome-security-newsletters

Periodic cyber security newsletters that capture the latest news, summaries of c

806gpl-2.0

9 months ago

cybersecuritynewsletter

rugby-board-node

Deprecate due to vulnerabilities in dependencies. Rugby News Board built with No

JavaScript7mit

5 years ago

herokunodejspreact

checkov

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in in

Python7139apache-2.0

yesterday

awsaws-securityazure

kics

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigur

Open Policy Agent2097apache-2.0

2 days ago

appseccloudnativedevsecops

roca

ROCA: Infineon RSA key vulnerability

Python481mit

last year

detectordiscrete-logarithmfingerprinting

phpcs-security-audit

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilitie

PHP706gpl-3.0

2 years ago

phpphp-codesnifferphpcs

lunasec

lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vuln

TypeScript1429other

7 months ago

compliancecontinuous-deliverycve-scanning