Web-Vulnerability-Scanner

Web Application Vulnerability Scanner Internship Task - 2...

PT-2025-38452

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.24-syzkaller Description A flaw was discovered in the Linux kernel related to the handling of VLAN packets. Specifically, the use of pskb may pull instead of skb header pointer in certain functions could lead...

Can Codeless Testing Tools Detect Common Security Vulnerabilities?

Learn what Codeless Testing Tools are and how effective they are in detecting common security vulnerabilities, along with understanding their strengths and limitations...

xss-Finder

This repository contains two files one is a vulnerable pa...

Obsidian Plugin Persistence

This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled NOT restricted mode, but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...

CVE-2022-50341 cifs: fix oops during encryption

In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR =...

CVE-2023-53291 rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale

In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfreescalethread threads after unloading rcuscale Running the 'kfreercutest' test case 1 results in a splat 2. The root cause is the kfreescalethread threads continue running after unloading the rcuscale module...

XOffense: an AI-Driven Autonomous Penetration Testing Framework with Offensive Knowledge-Enhanced LLMs and Multi Agent Systems

This work introduces xOffense, an AI-driven, multi-agent penetration testing framework that shifts the process from labor-intensive, expert-driven manual efforts to fully automated, machine-executable workflows capable of scaling seamlessly with computational infrastructure. At its core, xOffense...

nettoolbox

NetToolbox - Network Security Toolkit A comprehensive, modern...

Time-Constrained Intelligent Adversaries for Automation Vulnerability Testing: a Multi-Robot Patrol Case Study

Simulating hostile attacks of physical autonomous systems can be a useful tool to examine their robustness to attack and inform vulnerability-aware design. In this work, we examine this through the lens of multi-robot patrol, by presenting a machine learning-based adversary model that observes...

kali-linux-cheatsheet

It is an offensive tool for penetration testing. The repository contains a Kali Linux Cheat Sheet for Penetration Testers, which provides quick references, commands, and techniques for various aspects of penetration testing. The cheat sheet covers topics such as reconnaissance and enumeration,...

Beebeeto-framework

This is a Python framework for building and executing proof-of-concept POC exploits, specifically targeting the HttpFileServer HFS vulnerability. The framework is called Beebeeto and is maintained by the n0tr00t security team. The framework provides a set of tools and libraries for creating and...

JustTryHarder

This is a cheat sheet repository for the PWK Pentester's Workbench course and the OSCP Offensive Security Certified Professional exam. It is inspired by PayloadAllTheThings. The repository contains various tools, scripts, and resources for penetration testing and exploitation. The repository...

Exploit for Out-of-bounds Read in Openssl

It is an exploit module/toolkit targeting OpenSSL versions vulnerable to CVE-2014-0160, also known as the Heartbleed vulnerability. The tool, ssltest.py, scans multiple hosts for this vulnerability in an efficient multi-threaded manner without exploiting the server. The probable entry point is th...

scripts

This repository contains a collection of scripts written by AverageSecurityGuy for use in penetration testing engagements. The scripts are categorized into various folders, each containing a specific type of script, such as password brute forcing, cloud interaction, database testing, enumeration,...

offensiveinterview

It is an offensive tool for penetration testing and red teaming. The repository contains a collection of interview questions to screen offensive red team/pentest candidates, categorized into open-ended, knowledge-based, and scenario-based questions. The questions cover various topics such as...

wazuh

This repository is an open-source security platform called Wazuh, which provides unified XDR and SIEM protection for endpoints and cloud workloads. The repository contains various files and templates for issue reporting, testing, and integration with external services. The probable entry points f...

sinatra

This is a Sinatra repository, a DSL for creating web applications in Ruby with minimal effort. The repository contains various files, including a .github/workflows/test.yml file that defines a GitHub Actions workflow for testing, and a Gemfile that lists dependencies for the project. The Gemfile...

disable_eval

This is a Ruby gem called "disableeval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution RCE attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...

hackingtool

This is an offensive tool for penetration testing and hacking. It is a collection of various tools for different types of attacks, including information gathering, web attacks, SQL injection, phishing, and more. The tool is written in Python and is designed to be run on Linux systems, including...