30 open-source projects similar to friendsofphp/security-advisories, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Security Advisories alternative.
HowToHunt is a bug bounty hunting knowledge base and a structured guide for web application penetration testing. It provides a research methodology for organizing security testing procedures and validating application behaviors against known vulnerability patterns. The project features a curated library of security flaws and reconnaissance techniques. It organizes security testing into modular playbooks, checklists, and categorical vulnerability mappings to align specific exploitation techniques with target weaknesses. The repository covers a systematic sequence of information gathering task
SecLists is a centralized library of security assessment data designed to support vulnerability discovery and penetration testing. It functions as a comprehensive repository of wordlists, payloads, and testing methodologies used to audit software, firmware, and internet-connected hardware for technical vulnerabilities. The project distinguishes itself through a standardized taxonomy and a language-agnostic data format, which allows security tools to predictably ingest and utilize its assets regardless of the underlying programming environment. By decoupling raw testing data from execution log
This project is a bug bounty resource directory, vulnerability research cheatsheet, and web security payload library. It serves as a centralized collection of curated payloads and common attack vectors used to identify security vulnerabilities in web applications. The repository provides a directory of platforms, books, and tools to support vulnerability discovery skills. It includes a reference for tested payloads and techniques used to trigger bugs and identify vulnerabilities during security audits. The content covers web application pentesting, security vulnerability testing, and general
Some code and notes about the backdoor listening on TCP-32764 in the Linksys WAG200G.
This repository contains several tools Project Zero uses to test iPhone messaging. It includes:
📡 PoCs auto-collected from GitHub. ⚠️ Be careful of malware.
Vulnerability Intelligence Platform
PeiQi-WIKI-Book is a cybersecurity knowledge base and security research wiki. It functions as a markdown static site generator that converts structured text files into a set of interconnected HTML pages. This system serves as a curated collection of technical documentation and guides focused on vulnerability research, code auditing, and penetration testing. The project utilizes a git-driven documentation workflow, using version control hooks to automatically update a live website when content changes. It features a client-side searchable index that allows users to find security topics without
Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection
Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.
🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on
SecurityAdvisories is a software composition analysis tool and PHP security advisory database used to audit project dependencies against known security flaws and CVEs. It functions as a vulnerability scanner for PHP projects to identify and manage risky third-party libraries. The project implements a system for detecting and blocking vulnerable dependencies during the software development lifecycle. It prevents the installation of software packages with known security flaws by maintaining an exclusion list of forbidden versions. The tool integrates with the PHP package manager to intercept d
This repository is intended to host my research papers. Put it on watch if you would like to read more from me.
SensioLabs Security Checker
Pay me if you like this paper:)
Kernel privilege escalation enumeration and exploitation framework
Masochist is a framework for creating XNU based rootkits. Very useful in OS X and iOS security research. It can do cool things like:
Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i