Change the repository type filter
All
Repositories list
93 repositories
vulnerable-web-app
Publicsession-hijacking
PublicA threat actor may access the user's account using a stolen or leaked valid (existing) session identifiersession-replay
PublicA threat actor may re-use a stolen or leaked session identifier to access the user's accountremote-file-inclusion
PublicA threat actor may cause a vulnerable target to include/retrieve remote filelocal-file-inclusion
Publicsession-fixation
PublicA threat actor may trick a user into using a known session identifier to log in. after logging in, the session identifier is used to gain access to the user's a…blind-sql-injection
Publicblind-sql-injectionauthentication-bypass
PublicA threat actor may gain access to data and functionalities by bypassing the target authentication mechanismixora
Publicsocial-analyzer
PublicAPI, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websiteshoneypots
Public30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle…- A threat actor may perform unauthorized functions belonging to another user with a higher privileges level
- A threat actor may inject malicious content into webapp. The payload is reflected in the HTTP request and response, then executed in the victim's browser
sql-injection
PublicA threat actor may alter structured query language (SQL) query to read, modify and write to the database or execute administrative commands for further chained …os-command-injection
PublicA threat actor may inject arbitrary operating system (OS) commands on targetopen-redirect
PublicA threat actor may send a malicious redirect request for a vulnerable target to a victim; the victim gets redirected to a malicious website that threat actor co…- A threat actor may perform unauthorized functions belonging to another user with a similar privileges level
- A threat actor may inject malicious content into webapp. The payload is not reflected in the HTTP request and response, then executed in the victim's browser
default-credential
PublicA threat actor may gain unauthorized access using the default username and passwordanalyzer
PublicAnalyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and m…threat-intelligence
PublicThreat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats …- Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization
cyber-kill-chain
Public- An adversary may utilize a sim swapping attack for defeating 2fa authentication
- An adversary may utilize a sim swapping attack for defeating 2fa authentication
digital-forensics
PublicDigital Forensics is the process of finding and analyzing electronic datacybersecurity
PublicCybersecurity is the measures taken to protect networks, devices, and data against cyberattacks
ProTip! When viewing an organization's repositories, you can use the
props. filter to filter by custom property.