Vulnerabilities

CVE-Vulnerability-Information-Downloader – Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

25 Feb 2023 By hackergadgets

Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. Exploit Prediction Scoring System (EPSS) estimates the likelihood that a software vulnerability will be exploited in the wild. CISA publishes a list of known exploited vulnerabilities. This projects downloads the information from the threeRead More

Web-Hacking-Playground – Web Application With Vulnerabilities Found In Real Cases, Both In Pentests And In Bug Bounty Programs

15 Feb 2023 By hackergadgets

Web Hacking Playground is a controlled web hacking environment. It consists of vulnerabilities found in real cases, both in pentests and in Bug Bounty programs. The objective is that users can practice with them, and learn to detect and exploit them. Other topics of interest will also be addressed, such as: bypassing filters by creatingRead More

Appshark – Static Taint Analysis Platform To Scan Vulnerabilities In An Android App

04 Nov 2022 By hackergadgets

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version of JDK — JDK 11. After testing, it does not work on other LTS versions, JDK 8 and JDK 16, due to the dependency compatibility issue. Building/Compiling AppShark We assume that you are working inRead More

Bomber – Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities

24 Oct 2022 By hackergadgets

bomber is an application that scans SBOMs for security vulnerabilities. Overview So you’ve asked a vendor for an Software Bill of Materials (SBOM) for one of their closed source products, and they provided one to you in a JSON file… now what? The first thing you’re going to want to do is see if anyRead More

SCodeScanner – Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities

23 Sep 2022 By hackergadgets

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The main objective for this scanner is to find the vulnerabilities inside the source code before code gets published in Prod. Features Supported PHP Language Supported YAML Language Pass results to bug tracking services like JiraRead More

ApacheTomcatScanner – A Python Script To Scan For Apache Tomcat Server Vulnerabilities

03 Sep 2022 By hackergadgets

A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target source possible: Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets. Reading targets line by line from a file. Reading individual targets (IP/DNS/CIDR)Read More

VAmPI – Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

19 Jun 2022 By hackergadgets

The Vulnerable API (Based on OpenAPI 3)  VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a switch on/off toRead More

Cervantes – Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place

19 Jun 2022 By hackergadgets

Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features OpenSource Multiplatform Multilanguage Team Collaboration BuiltIn dashbaords and analytics Manage your clients and Offensive Security projects One click reports creation And more Runtime requirements Docker Docker composeRead More

AutoPWN Suite – Project For Scanning Vulnerabilities And Exploiting Systems Automatically

09 Jun 2022 By hackergadgets

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. How does it work? AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of softwares running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of “keywords” to search NIST vulnerability database.Read More

Kubeclarity – Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems

11 May 2022 By hackergadgets

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection: Various programmingRead More

X