swisskyrepo/Vulny-Code-Static-Analysis external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

swisskyrepo/Vulny-Code-Static-Analysis

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/swisskyrepo/Vulny-Code-Static-Analysis)

Close

swisskyrepo / Vulny-Code-Static-AnalysisView on GitHubMore

• External links
• Readme badge

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

☆419Feb 27, 2025Updated last year

Alternatives and similar repositories for Vulny-Code-Static-Analysis

Users that are interested in Vulny-Code-Static-Analysis are comparing it to the libraries listed below

• swisskyrepo / DamnWebScanner

  View on GitHub
  Another web vulnerabilities scanner, this extension works on Chrome and Opera
  ☆470Sep 22, 2019Updated 6 years ago
• swisskyrepo / Wordpresscan

  View on GitHub
  WPScan rewritten in Python + some WPSeku ideas
  ☆650Jun 4, 2021Updated 4 years ago
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,493Sep 4, 2025Updated 6 months ago
• swisskyrepo / GraphQLmap

  View on GitHub
  GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
  ☆1,631Mar 11, 2024Updated last year
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,482Oct 12, 2024Updated last year
• swisskyrepo / SharpLAPS

  View on GitHub
  Retrieve LAPS password from LDAP
  ☆435Feb 17, 2021Updated 5 years ago
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,903Sep 27, 2021Updated 4 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆612Mar 4, 2021Updated 5 years ago
• dustyfresh / PHP-vulnerability-audit-cheatsheet

  View on GitHub
  This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabi…
  ☆362Mar 6, 2025Updated last year
• nccgroup / BurpSuiteHTTPSmuggler

  View on GitHub
  A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
  ☆735May 4, 2019Updated 6 years ago
• pentestmonkey / php-findsock-shell

  View on GitHub
  ☆17May 29, 2015Updated 10 years ago
• 1N3 / CTF-Writeups

  View on GitHub
  CTF Writeups
  ☆16Jul 18, 2017Updated 8 years ago
• codingo / Reconnoitre

  View on GitHub
  A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al…
  ☆2,185Dec 11, 2022Updated 3 years ago
• cbayet / Exploit-CVE-2017-6008

  View on GitHub
  Exploits for CVE-2017-6008, a kernel pool buffer overflow leading to privilege escalation.
  ☆120Nov 6, 2024Updated last year
• bugcrowd / HUNT

  View on GitHub
  ☆2,319Dec 8, 2023Updated 2 years ago
• 0x09AL / DNS-Persist

  View on GitHub
  DNS-Persist is a post-exploitation agent which uses DNS for command and control.
  ☆209Nov 20, 2017Updated 8 years ago
• OneSourceCat / phpvulhunter

  View on GitHub
  A tool that can scan php vulnerabilities automatically using static analysis methods
  ☆489Mar 20, 2018Updated 7 years ago
• Mr-Un1k0d3r / RedTeamPowershellScripts

  View on GitHub
  Various PowerShell scripts that may be useful during red team exercise
  ☆961Apr 28, 2022Updated 3 years ago
• 0x09AL / CVE-2017-11882-metasploit

  View on GitHub
  This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office…
  ☆97Nov 21, 2017Updated 8 years ago
• ropnop / opennms_hash_cracker

  View on GitHub
  Python script to extract and bruteforce OpenNMS password hashes in users.xml
  ☆18Jun 21, 2017Updated 8 years ago
• ssl / ezXSS

  View on GitHub
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆2,244Jan 8, 2026Updated 2 months ago
• jivoi / pentest

  View on GitHub
  offsec batteries included
  ☆1,601Mar 11, 2024Updated last year
• 0xacb / viewgen

  View on GitHub
  Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
  ☆657Feb 1, 2025Updated last year
• betab0t / cve-2017-7494

  View on GitHub
  Proof-of-Concept exploit for CVE-2017-7494(Samba RCE from a writable share)
  ☆181Jul 26, 2017Updated 8 years ago
• 003random / 003Recon

  View on GitHub
  Some tools to automate recon - 003random
  ☆294Jun 5, 2018Updated 7 years ago
• sensepost / ruler

  View on GitHub
  A tool to abuse Exchange services
  ☆2,302Jun 10, 2024Updated last year
• AlessandroZ / LaZagneForensic

  View on GitHub
  Windows passwords decryption from dump files
  ☆511Feb 2, 2023Updated 3 years ago
• 0xbharath / censys-enumeration

  View on GitHub
  A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
  ☆153Dec 7, 2022Updated 3 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,779Apr 26, 2024Updated last year
• bluscreenofjeff / Red-Team-Infrastructure-Wiki

  View on GitHub
  Wiki to collect Red Team infrastructure hardening resources
  ☆4,454Oct 1, 2025Updated 5 months ago
• mazen160 / server-status_PWN

  View on GitHub
  A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-s…
  ☆442Sep 19, 2021Updated 4 years ago
• 0xdeadbeefJERKY / Office-DDE-Payloads

  View on GitHub
  Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.
  ☆638Jul 16, 2023Updated 2 years ago
• GreatSCT / GreatSCT

  View on GitHub
  The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool…
  ☆1,127Feb 10, 2021Updated 5 years ago
• codingo / VHostScan

  View on GitHub
  A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…
  ☆1,284Aug 18, 2025Updated 6 months ago
• s0md3v / JShell

  View on GitHub
  JShell - Get a JavaScript shell with XSS.
  ☆532May 5, 2019Updated 6 years ago
• GoSecure / dtd-finder

  View on GitHub
  List DTDs and generate XXE payloads using those local DTDs.
  ☆649Feb 21, 2024Updated 2 years ago
• mgeeky / tomcatWarDeployer

  View on GitHub
  Apache Tomcat auto WAR deployment & pwning penetration testing tool.
  ☆447Mar 31, 2024Updated last year
• ptoomey3 / evilarc

  View on GitHub
  Create tar/zip archives that can exploit directory traversal vulnerabilities
  ☆1,035Jun 3, 2021Updated 4 years ago
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,716Dec 1, 2024Updated last year