一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.

Local privilege escalation via PetitPotam (Abusing impersonate privileges).

基于Pocsuite3、goby编写的漏洞poc&exp存档

Git All the Payloads! A collection of web attack payloads.

⚡ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡

Here is some resources about macOS/iOS system security.

Lock package.json with yarn

Demonstrate changes to `package-lock.json` by `npm install`

增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618，CVE-2019-2729检测，Python3支持

Decrypted content of eqgrp-auction-file.tar.xz

Kernel Driver Utility

[DEPRECATED] Assign Azure Active Directory Identities to Kubernetes applications.

PoC exploits for software vulnerabilities

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Developer-friendly incident response with brilliant Slack integration

A collection of awesome one-liner scripts especially for bug bounty tips.

JQF + Zest: Coverage-guided semantic fuzzing for Java.

Intentionally vulnerable Node.js REST API for benchmarking SAST, SCA, and code quality tools. Contains 30 real, functional issues across Critical/High/Medium/Low severities covering SQL injection, command injection, path traversal, IDOR, hardcoded secrets, and more. Not for production use.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Github - package.json and package-lock.json scrapper