Repository navigation
cwe
- Website
- Wikipedia
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
cwe_checker finds vulnerable patterns in binary executables
The Correlated CVE Vulnerability And Threat Intelligence Database API
OSINT tool - gets data from services like shodan, censys etc. in one app
Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
Corax for Java: A general static analysis framework for java code checking.
Vulnogram is a tool for creating and editing CVE information in CVE JSON format
Generate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily.
Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
The goal of this project is to provide additional features on top of the existing npm audit options
Python API for vFeed Vulnerability & Threat Intelligence Database Enterprise & Pro Editions
"Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting" by Erik Hemberg, Jonathan Kelly, Michal Shlapentokh-Rothman, Bryn Reinstadler, Katherine Xu, Nick Rutar, Una-May O'Reilly
Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories.
Repository for "SecurityEval Dataset: Mining Vulnerability Examples to Evaluate Machine Learning-Based Code Generation Techniques" published in MSR4P&S'22.
Open Source Tool - Cybersecurity Graph Database in Neo4j
A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries.
Development of the NIST vulnerability data ontology (Vulntology).
WebGoat.NETCore - port of original WebGoat.NET to .NET Core