Lists (20)
Stars
Proof of Concept for CVE-2026-23745: Arbitrary File Overwrite vulnerability in node-tar (versions < 7.5.3).
Vulnerable app with examples showing how to not use secrets
EVA is an AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration.
A free open source IT asset/license management system
The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World
Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.
Tool for mass testing ZeroLogon vulnerability CVE-2020-1472
A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.
Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation
Generates millions of keyword-based password mutations in seconds.
One command to fix CVE-2025-66478 (React 2 Shell RCE) in your Next.js / React RSC app.
CVE-2025-55182 - React Server Components RCE Exploit & Scanner Supports external servers and CLI interface
Pre-auth RCE in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0.
A non-intrusive surface scanner for CVE-2025-55182 (React Server Components RCE). Detects exposed RSC endpoints in React 19 and Next.js applications
Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
Open-source AI hackers to find and fix your app’s vulnerabilities.
Debug, evaluate, and monitor your LLM applications, RAG systems, and agentic workflows with comprehensive tracing, automated evaluations, and production-ready dashboards.