Easy Scan vulnerability your server using Bash. this simple script to get information about CPE, CVE, Expose Port, And Hostname.

Network Securities Research and Experimentation Utility

A REST api built in Node.js that vulnerable to MongoDB object injection

Exploiting the vulnerabilities

Scan the whole IP4 space looking for exposed Elasticsearch services

Simple tool for testing vulnerability to CVE 2019-19781

Authentication Bypass in Server Code for LibSSH

PoC Exploits organized by CVE identifier in easily parsable JSON format

Proof-Of-Concept of time-based username enumeration. This happens due to the time it costs to process a hash in the backend server and is often ignored or forgotten in audits.

Repository for COMP.SEC.300 Secure Programming Course

Code repository for the manuscript: "Hotspots for social and ecological impacts from freshwater stress and storage loss", published in Nature Communications.

Simple Toolkit for Network Probing

Web Application Logical Bug Fuzzer

D-Language based MMS plugin and server for exploiting vulnerable servers.

This repository contains the the security vulnerabilities identified for Qubo smart switch. The CVE has been requested to MITRE

** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, NOTE: multiple third parties have reported that …

This report based on Open Web Application Security Project, Where, scanning and finding the defects in Web Applications based on TOP 10 OWASP like, Broken Access Control, Injection, Cross Site Scripting, Server-Side Request Forgery, etc. which is available on owasp.org.

Redirection of sensitive form data to a remote server. Self-XSS

It's a library that allows us to test api endpoints by fuzzing them with malicious payloads that you can choose.