#Vulnerability

Showing 60 of 264 repositories tagged #vulnerability, ranked by stars

swisskyrepo
swisskyrepo
PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Score
100
★ 79.0k ⑂ 17.2k +72/day
Python
aquasecurity
aquasecurity
trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Score
100
★ 36.8k ⑂ 530 +58/day
Go
The-Art-of-Hacking
The-Art-of-Hacking
h4cker

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check: https://hackertraining.org

Score
100
★ 28.3k ⑂ 5.3k +135/day
Jupyter Notebook
chaitin
chaitin
SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Score
93
★ 21.7k ⑂ 1.4k +40/day
Go
Hacker0x01
Hacker0x01
hacker101

Source code for Hacker101.com - a free online web and mobile security class.

Score
95
★ 14.5k ⑂ 2.7k +3/day
SCSS
anchore
anchore
grype

A vulnerability scanner for container images and filesystems

Score
86
★ 12.5k ⑂ 823
Go
chaitin
chaitin
xray

一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Score
92
★ 11.6k ⑂ 1.9k +4/day
Vue
trickest
trickest
cve

Gather and update all available and newest CVEs with their PoC.

Score
99
★ 7.9k ⑂ 976 +7/day
HTML
nomi-sec
nomi-sec
PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Score
100
★ 7.9k ⑂ 1.3k +4/day
infoslack
infoslack
awesome-web-hacking

A list of web application security

Score
99
★ 7.0k ⑂ 1.3k +6/day
daffainfo
daffainfo
AllAboutBugBounty

All about bug bounty (bypasses, payloads, and etc)

Score
90
★ 6.8k ⑂ 1.3k +14/day
infobyte
infobyte
faraday

Open Source Vulnerability Management Platform

Score
88
★ 6.6k ⑂ 1.1k +5/day
Python
gommzystudio
gommzystudio
device-activity-tracker

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)

Score
100
★ 5.0k ⑂ 693
TypeScript
greenbone
greenbone
openvas-scanner

This repository contains the scanner component for Greenbone Community Edition.

Score
100
★ 4.7k ⑂ 783 +5/day
Rust
Tencent
Tencent
AI-Infra-Guard

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

Score
98
★ 4.1k ⑂ 393
Python
alexandreborges
alexandreborges
malwoverview

Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, AbuseIPDB, GreyNoise, URLScan.io, Whois/RDAP, NIST, and VulnCheck. Supports LLM enrichment, IOC extraction, YARA scanning, and Android analysis.

Score
98
★ 3.9k ⑂ 535 +31/day
Python
scipag
scipag
vulscan

Advanced vulnerability scanning with Nmap NSE

Score
96
★ 3.8k ⑂ 696 +2/day
Lua
Az0x7
Az0x7
vulnerability-Checklist

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

Score
87
★ 3.6k ⑂ 843
swisskyrepo
swisskyrepo
SSRFmap

Automatic SSRF fuzzer and exploitation tool

Score
88
★ 3.6k ⑂ 570 +4/day
Python
goodwithtech
goodwithtech
dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Score
79
★ 3.3k ⑂ 162 +1/day
Go
Voorivex
Voorivex
pentest-guide

Penetration tests guide based on OWASP including test cases, resources and examples.

Score
84
★ 2.8k ⑂ 575 +2/day
google
google
osv.dev

Open source vulnerability DB and triage service.

Score
97
★ 2.8k ⑂ 338 +1/day
Go
Bearer
Bearer
bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Score
96
★ 2.7k ⑂ 141 +2/day
Go
Lifka
Lifka
hacking-resources

Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.

Score
81
★ 2.6k ⑂ 263
Threekiii
Threekiii
Vulnerability-Wiki

一个基于 docsify 快速部署 Awesome-POC 漏洞文档的项目。Deploying the Awesome-POC repository via docsify.

Score
100
★ 2.1k ⑂ 421 +5/day
HTML
anouarbensaad
anouarbensaad
vulnx

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Score
79
★ 2.1k ⑂ 365 +1/day
Python
lukechilds
lukechilds
reverse-shell

Reverse Shell as a Service

Score
92
★ 2.0k ⑂ 250
Go
ihebski
ihebski
A-Red-Teamer-diaries

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Score
89
★ 1.9k ⑂ 315
ossf
ossf
cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Score
97
★ 1.7k ⑂ 637 +2/day
Python
dolevf
dolevf
Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

Score
79
★ 1.7k ⑂ 374 +1/day
JavaScript
project-copacetic
project-copacetic
copacetic

🧵 CLI tool for directly patching container images!

Score
94
★ 1.7k ⑂ 121 +14/day
Go
v3n0m-Scanner
v3n0m-Scanner
V3n0M-Scanner

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Score
25
★ 1.6k ⑂ 415
Python
guacsec
guacsec
guac

GUAC aggregates software security metadata into a high fidelity graph database.

Score
94
★ 1.5k ⑂ 205
Go
HummerRisk
HummerRisk
HummerRisk

HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。

Score
75
★ 1.5k ⑂ 239
Java
jweny
jweny
pocassist

傻瓜式漏洞PoC测试框架

Score
75
★ 1.4k ⑂ 246
Go
aquasecurity
aquasecurity
trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

Score
95
★ 1.4k ⑂ 354 +5/day
Shell
jeffzh3ng
jeffzh3ng
fuxi

Penetration Testing Platform

Score
76
★ 1.3k ⑂ 368
Python
freelabz
freelabz
secator

secator - the pentester's swiss knife

Score
93
★ 1.3k ⑂ 133
Python
Vu1nT0tal
Vu1nT0tal
IoT-vulhub

IoT固件漏洞复现环境

Score
50
★ 1.3k ⑂ 178
Python
topscoder
topscoder
nuclei-wordfence-cve

75k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒

Score
93
★ 1.3k ⑂ 156 +1/day
Python
hacktoolspack
hacktoolspack
hack-tools

hack tools

Score
77
★ 1.2k ⑂ 498
Python
jxy-s
jxy-s
herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Score
72
★ 1.2k ⑂ 223
C++
nixawk
nixawk
labs

Vulnerability Labs for security analysis

Score
75
★ 1.2k ⑂ 437
Python
RUB-NDS
RUB-NDS
Terrapin-Scanner

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

Score
43
★ 993 ⑂ 70
Go
globocom
globocom
secDevLabs

A laboratory for learning secure web and mobile development in a practical manner.

Score
74
★ 976 ⑂ 463
PHP
toolswatch
toolswatch
vFeed

The Correlated CVE Vulnerability And Threat Intelligence Database API

Score
12
★ 949 ⑂ 240
Python
reconmap
reconmap
reconmap

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AI‑assisted summaries, it delivers faster, more structured, and high‑quality security assessments.

Score
91
★ 938 ⑂ 133 +1/day
JavaScript
bigblackhat
bigblackhat
oFx

一个开源的、开箱即用的漏洞批量验证框架

Score
50
★ 912 ⑂ 162 +912/day
Python
tuhin1729
tuhin1729
Bug-Bounty-Methodology

These are my checklists which I use during my hunting.

Score
68
★ 867 ⑂ 113
HTML
pwnesia
pwnesia
dnstake

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

Score
36
★ 853 ⑂ 75 +1/day
Go
yqcs
yqcs
prismx

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具

Score
64
★ 829 ⑂ 87 +3/day
Go
R0X4R
R0X4R
Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Score
71
★ 810 ⑂ 181
Shell
nix-community
nix-community
vulnix

Vulnerability (CVE) scanner for Nix/NixOS [maintainer=@henrirosten]

Score
89
★ 800 ⑂ 46 +5/day
Python
Mehdi0x90
Mehdi0x90
Web_Hacking

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Score
90
★ 790 ⑂ 149 +4/day
rmb122
rmb122
rogue_mysql_server

A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

Score
21
★ 768 ⑂ 86
Go
hardik05
hardik05
Damn_Vulnerable_C_Program

An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.

Score
50
★ 724 ⑂ 188
Rust
Unclecheng-li
Unclecheng-li
poc-lab

Recent CVE PoC & reproduction scripts. Focused on high-severity vulnerabilities across Linux kernel, Windows, macOS and more.

Score
75
★ 717 ⑂ 114 +20/day
C
Metnew
Metnew
uxss-db

🔪Browser logic vulnerabilities :skull_and_crossbones:

Score
64
★ 705 ⑂ 83
HTML
aboutcode-org
aboutcode-org
vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Score
91
★ 691 ⑂ 311
Python
ossillate-inc
ossillate-inc
packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Score
87
★ 686 ⑂ 37
Python
Related Topics
#security#penetration-testing#cve#security-tools#exploit#hacking#vulnerability-scanners#pentesting#cybersecurity#bugbounty#devsecops

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly