7375 matches found
PentestEval: Benchmarking LLM-Based Penetration Testing with Modular and Stage-Level Design
Penetration testing is essential for assessing and strengthening system security against real-world threats, yet traditional workflows remain highly manual, expertise-intensive, and difficult to scale. Although recent advances in Large Language Models LLMs offer promising opportunities for...
Penetration Testing of Agentic AI: A Comparative Security Analysis across Models and Frameworks
Agentic AI introduces security vulnerabilities that traditional LLM safeguards fail to address. Although recent work by Unit 42 at Palo Alto Networks demonstrated that ChatGPT-4o successfully executes attacks as an agent that it refuses in chat mode, there is no comparative analysis in multiple...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
XSS-FINDER
usage python xssscanner.py ╔═════════════════════════════════...
📄 dotCMS 25.07.02-1 Security Scanner
dotCMS version 25.07.02-1 python scanning script that looks for remote SQL injection. ============================================================================================================================================= | Title : dotCMS 25.07.02-1 Security Scanner | | Author : indoushka |...
Zed Attack Proxy 2.17.0 Cross Platform Package
The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
SQLi_XSS_tester
No d...
curl: testing hackerone functions
hi team i am testing hackerone functions i need some help of you this is my test account can you blacklist me from your program not ban just blacklist Impact thanks...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell A CLI tool to exploit prototype pollution vulnerab...
What Is Security Control Validation? A Practical Guide
A fully-stocked security arsenal can create a dangerous false sense of security. You might have the best technology on the market, but misconfigurations, policy gaps, or a lack of integration can leave you just as exposed as having no tools at all. Relying on a defense that only looks good on pap...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js React2Shell CVE-2025-55182 Exploit Tool A proof-of-...
Exploit for CVE-2025-55184
POC React2Shell - CVE-2025-55184 - CVE-2025-55184 !CAUTION Le...
Exploit for Deserialization of Untrusted Data in Facebook React
REACT2SHELL 🎯 Quick Overview What is this? This tool is...
📄 dotCMS 24.04.24 Vulnerability Scanner
dotCMS version 24.04.24 advanced exploitation python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. ============================================================================================================================================= | Title :...
Scale AI Securely with Qualys TotalAI’s Streamlined Onboarding, Deeper Risk Detection, and Compliance-Ready Reporting
Executive Summary Enterprises are entering a phase where AI systems function as decision engines that shape customer interactions, operational workflows, and business outcomes. This creates a new class of risk that is behavioral, contextual, and dynamic, driven by how models interpret instruction...
cyber-security-lab-soc-vapt-beginner
Cyber Security Practice Lab — Beginner SOC + VAPT This begin...
Linux Distros Unpatched Vulnerability : CVE-2022-50674
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - riscv: vdso: fix NULL deference in vdsojointimens when vfork Testing tools/testing/selftests/timens/vforkexec.c got below kernel log: 6.838454 Unable to handle...
Automated Penetration Testing with LLM Agents and Classical Planning
While penetration testing plays a vital role in cybersecurity, achieving fully automated, hands-off-the-keyboard execution remains a significant research challenge. In this paper, we introduce the "Planner-Executor-Perceptor PEP" design paradigm and use it to systematically review existing work a...
Exploit for Deserialization of Untrusted Data in Facebook React
💥 React2Shell-POC 💥 !pythonhttps://img.shields.io/badge/py...
Exploit for CVE-2025-9074
CVE-2025-9074-POC Proof-of-Concept exploit for CVE-2025-9074...