vulnerability

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check:https://hackertraining.org

training ai exploit hackers hacking artificial-intelligence cybersecurity penetration-testing exploits vulnerability awesome-list hacker vulnerability-management vulnerability-identification vulnerability-assessment ethical-hacking awesome-lists exploit-development ai-security hacking-series

UpdatedDec 11, 2025
Jupyter Notebook

chaitin /SafeLine

Star19.6k

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

security hackers api-gateway captcha firewall waf xss bruteforce self-hosted cybersecurity sql-injection vulnerability application-security web-security cve appsec web-application-firewall http-flood blueteam websecurity

UpdatedNov 5, 2025
Go

Hacker0x01 /hacker101

Star14.3k

Source code for Hacker101.com - a free online web and mobile security class.

education security hacking xss sql-injection vulnerability csrf web-security mobile-security clickjacking hackerone session-fixation hacker101 unchecked-redirects

UpdatedFeb 22, 2025
SCSS

chaitin /xray

Star11.3k

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

security xss poc vulnerability passive-vulnerability-scanner sqlinjection vulnerability-scanner

UpdatedOct 29, 2024
Vue

anchore /grype

Star11.2k

A vulnerability scanner for container images and filesystems

go docker golang security tool containers static-analysis oci vulnerability vex vulnerabilities hacktoberfest container-image cyclonedx openvex

UpdatedDec 17, 2025
Go

frohoff /ysoserial

Star8.7k

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

java serialization exploit jvm deserialization gadget poc vulnerability javadeser

UpdatedDec 4, 2025
Java

trickest /cve

Star7.4k

Gather and update all available and newest CVEs with their PoC.

security exploit hacking penetration-testing poc vulnerability infosec pentesting vulnerabilities cve software-security red-team security-tools software-vulnerability software-vulnerabilities latest-cve cve-poc

UpdatedDec 17, 2025
HTML

nomi-sec /PoC-in-GitHub

Star7.4k

📡 PoC auto collect from GitHub.⚠️ Be careful Malware.

security exploit poc vulnerability cve

UpdatedDec 18, 2025

KathanP19 /HowToHunt

Star6.9k

Collection of methodology and test case for various web vulnerabilities.

tutorials vulnerability bugbounty bugbountytips bughunting-methodology

UpdatedJun 25, 2025

infoslack /awesome-web-hacking

Star6.7k

A list of web application security

security scanner hacking owasp penetration-testing vulnerability web-security pentesting vulnerabilities appsec metasploit web-hacking hacking-tools

UpdatedMay 27, 2025

daffainfo /AllAboutBugBounty

Sponsor

Star6.5k

All about bug bounty (bypasses, payloads, and etc)

security bug hacking penetration-testing vulnerability infosec bugbounty pentest bypass payload payloads reconnaissance bugbountytips

UpdatedSep 8, 2023

LandGrey /SpringBootVulExploit

Star6.1k

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

rce vulnerability springboot springcloud springboot-actuator-rce spring-boot-vulnerability spring-vulnerability spring-actuator-vulnerability

UpdatedMar 10, 2021
Java

infobyte /faraday

Star6.1k

Open Source Vulnerability Management Platform

security devops security-audit collaboration orchestration cybersecurity nmap penetration-testing vulnerability infosec pentesting cve nessus appsec vulnerability-management vulnerability-scanners burpsuite security-automation devsecops continuous-scanning

UpdatedDec 11, 2025
Python

hahwul /dalfox

Sponsor

Star4.7k

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

golang security xss vulnerability bugbounty xss-scanner xss-detection hacktoberfest devsecops xss-exploit xss-bruteforce cicd-pipeline bugbounty-tool

UpdatedDec 16, 2025
Go

greenbone /openvas-scanner

Star4.3k

This repository contains the scanner component for Greenbone Community Edition.

c scanner vulnerability openvas vulnerability-detection vulnerability-management techops vulnerability-scanners vulnerability-assessment gvm foo greenbone greenbone-vulnerability-management openvas-scanner greenbone-community-edition

UpdatedDec 17, 2025
Rust

zhzyker /exphub

Star4.3k

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340