Vulnerability Static Analysis for Containers
A static analysis security vulnerability scanner for Ruby on Rails applications
Collects and updates the latest CVEs (security vulnerabilities) and their PoCs (proofs of concept)
Hunt for security weaknesses in Kubernetes clusters
Vulmap is a web vulnerability scanning and verification tool that can scan web apps for vulnerabilities and also provides vulnerability verification
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
Translation - Centralized vulnerability assessment and management for DevSecOps teams
A database of PHP security advisories
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
A service that analyzes docker images and scans for vulnerabilities
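Translation - A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification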
Metlo is an open-source API security platform.
Linux Binary Exploitation
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
A vulnerable version of Rails that follows the OWASP Top 10
Advisories, proof of concept files and exploits that have been made public by @pedrib.
Repository for information about 0-days exploited in-the-wild.
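scalpel is a command-line vulnerability scanner that supports deep parameter injection. It has a powerful data parsing and mutation algorithm that parses common data formats (json, xml, form, etc.) into a tree structure and then mutates the tree according to the rules in the PoC, including mutation of leaf nodes and of the tree structure. After mutation, the tree structure is restored to the original data format.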