This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
☆1,003Mar 11, 2026Updated last week
Alternatives and similar repositories for tsunami-security-scanner-plugins
Users that are interested in tsunami-security-scanner-plugins are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with h…☆8,552Feb 19, 2026Updated last month
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- A powerful browser crawler for web vulnerability scanners☆3,020Mar 11, 2025Updated last year
- Community curated list of templates for the nuclei engine to find security vulnerabilities.☆12,058Updated this week
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via E…☆8,510Nov 16, 2025Updated 4 months ago
- Advanced vulnerability scanning with Nmap NSE☆3,730Feb 6, 2026Updated last month
- In-depth attack surface mapping and asset discovery☆14,282Updated this week
- The cheat sheet about Java Deserialization vulnerabilities☆3,173May 26, 2023Updated 2 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…☆2,414Jun 17, 2025Updated 9 months ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大�家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆458Mar 24, 2022Updated 3 years ago
- Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、…☆4,273Apr 4, 2021Updated 4 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- ☆2,666Mar 5, 2024Updated 2 years ago
- Automated Adversary Emulation Platform☆6,831Updated this week
- Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabil…☆1,316May 22, 2025Updated 10 months ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,787Apr 26, 2024Updated last year
- A malicious LDAP server for JNDI injection attacks☆1,076Sep 28, 2023Updated 2 years ago
- Small and highly portable detection tests based on MITRE's ATT&CK.☆11,688Mar 13, 2026Updated last week
- J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tes…☆679Oct 29, 2025Updated 4 months ago
- 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.☆7,581Updated this week
- ☆423Jan 5, 2022Updated 4 years ago
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…☆27,492Mar 16, 2026Updated last week
- Resources related to GitHub Security Lab☆1,592Dec 2, 2025Updated 3 months ago
- ☆1,189Jan 21, 2026Updated 2 months ago
- Java RCE 回显测试代码☆1,015Oct 15, 2020Updated 5 years ago
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand…☆7,546Oct 16, 2025Updated 5 months ago
- Main Sigma Rule Repository☆10,203Mar 15, 2026Updated last week
- ☆835Jun 7, 2022Updated 3 years ago
- Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…☆2,693Mar 14, 2024Updated 2 years ago
- Open Source Vulnerability Management Platform☆6,298Feb 13, 2026Updated last month
- Automated Security Testing For REST API's☆2,644Jun 5, 2024Updated last year
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,812Dec 4, 2025Updated 3 months ago
- ✍️ A curated list of CVE PoCs.☆3,483Jan 4, 2022Updated 4 years ago
- 红队作战中比较常遇到的一些重点系统漏洞整理。☆2,521Jul 17, 2021Updated 4 years ago
- Weblogic coherence.jar RCE☆176May 10, 2020Updated 5 years ago
- fastjson 被动扫描、不出网payload生成☆367Nov 19, 2021Updated 4 years ago
- KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、JavaScript的语义扫描,基础安全、组件安全扫描,Chrome Ext\Solidity的基础扫描。☆2,382Jan 16, 2026Updated 2 months ago
- 在渗透测试中快速检测常见中间件、组件的高危漏洞。☆728Mar 21, 2022Updated 4 years ago