metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules and tools for exploiting vulnerabilities and conducting penetration testing. The primary...

What Does BAS Stand For? A Complete Guide

Running generic security tests is like studying for the wrong exam. You might be prepared for something, but not for the threats you’re most likely to face. To build a truly resilient defense, you need to test your controls against the specific tactics, techniques, and procedures that adversaries...

How BAS Helps Threat Exposure Management: A Complete Guide

Your vulnerability scanner just produced a report with hundreds of "critical" CVEs. Now what? For most security teams, this is where the guessing game begins. You know you can't fix everything at once, so you're forced to make tough calls based on CVSS scores and gut feelings, all while hoping yo...

fbi-exploit-kit-v2

fbi-exploit-kit-v2 Adv...

XSS_Vulnerability_scanner

XSSVulnerabilityscanner Features: - Tests multiple XSS...

metasploit-framework

This is the Metasploit Framework repository, a comprehensive collection of tools and resources for penetration testing and vulnerability assessment. The repository contains a wide range of modules, including exploits, payloads, and auxiliary tools, which can be used to test and exploit...

DUALGUAGE: Automated Joint Security-Functionality Benchmarking for Secure Code Generation

Large language models LLMs and autonomous coding agents are increasingly used to generate software across a wide range of domains. Yet a core requirement remains unmet: ensuring that generated code is secure without compromising its functional correctness. Existing benchmarks and evaluations for...

MAL-2025-191875 Malicious code in speed-testing-vps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Malicious code in speed-testing-vps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

ruby-web-vulnerability-tester

ruby-web-vulnerability-tester 🔎 Ruby Web Application Vulnera...

commix-master

Commix short for command injection exploi...

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

metasploitable-Security-Assessment comprehensive penetration t...

Exploit for Relative Path Traversal in Fortinet Fortiweb

CVE-2025-64446 Fortinet FortiWeb Path Traversal RCE Exploit A...

GenAI: Harness the Power, Eliminate the Risk — A Practical Playbook for Securing AI from Day One

Enterprises everywhere are racing to leverage AI to gain sharper insights, automate workflows, and deliver richer customer experiences. Based on an assessment conducted by Bain & Company, generative AI adoption is soaring, with 95% of US companies using it, up 12 percentage points in just a year...

automated-security-code-review

...

The Cloudflare Outage May Be a Security Roadmap

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have...

What is Patch Management Automation and Why It Matters

Executive Summary Environments rarely stay as orderly as they begin. New workloads, faster releases, and growing attack surfaces stretch manual patching beyond its limits. The real risk emerges in the widening gap between spotting a vulnerability and fixing it. Automated patch management closes...

XSS-

It is an offensive tool for web application security testing. Th...

Malicious code in security-testing-research22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64907ea19ad2bdfcd9821121cf13c4cc8445a34d72575729369913b0b7bd9084 The package security-testing-research22 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-190567 Malicious code in security-testing-research22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64907ea19ad2bdfcd9821121cf13c4cc8445a34d72575729369913b0b7bd9084 The package security-testing-research22 was found to contain malicious code. Source: ossf-package-analysis...