Pinned Repositories
1000php
1000 PHP code audit cases (vulnerabilities publicly disclosed on WooYun before July 2016)
2021hvv_vul
Summary of 2021 hvv vulnerabilities
angr
A powerful and user-friendly binary analysis platform!
ApplicationInspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
archerysec
Centralize Vulnerability Assessment and Management for DevSecOps Team
attack-datasources
This content is analysis and research of the data sources currently listed in ATT&CK.
attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
attack-website
MITRE ATT&CK Website
AttackSurfaceAnalyzer
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
wg-security-tooling
OpenSSF Security Tooling Working Group
henryzz0's Repositories
henryzz0/2021hvv_vul
Summary of 2021 hvv vulnerabilities
henryzz0/archerysec
Centralize Vulnerability Assessment and Management for DevSecOps Team
henryzz0/AttackSurfaceAnalyzer
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
henryzz0/binaryanalysis-ng
Binary Analysis Next Generation (BANG)
henryzz0/binnavi
BinNavi is a binary analysis IDE that allows users to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
henryzz0/binskim
A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats
henryzz0/checkedc-clang
This repo contains a version of clang that is being modified to support Checked C. Checked C is an extension to C that adds checking to detect or prevent common programming errors such as out-of-bounds memory accesses.
henryzz0/clusterfuzz
Scalable fuzzing infrastructure.
henryzz0/content
Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
henryzz0/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
henryzz0/DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
henryzz0/DevSkim
DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.
henryzz0/faraday
Collaborative Penetration Test and Vulnerability Management Platform
henryzz0/fossa-cli
Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
henryzz0/fuzzbench
FuzzBench - Fuzzer benchmarking as a service.
henryzz0/IoT-vulhub
IoT firmware vulnerability reproduction environment
henryzz0/onefuzz
A self-hosted Fuzzing-As-A-Service platform
henryzz0/oss-fuzz
OSS-Fuzz - continuous fuzzing for open source software.
henryzz0/ossf-cve-benchmark
The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.
henryzz0/OSSGadget
Collection of tools for analyzing open source packages.
henryzz0/osv
Open source vulnerability DB and triage service.
henryzz0/pyright
Static type checker for Python
henryzz0/restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
henryzz0/rode
rode facilitates Automated Governance in your software supply chain. This repository contains the rode API which is the primary interface between the rode UI or rode Collectors and metadata storage in Grafeas. The rode API provides functions for metadata search and storage as well as policy creation and evaluation.
henryzz0/scorecard
Security Scorecards - Security health metrics for Open Source
henryzz0/slsa
Supply-chain Levels for Software Artifacts
henryzz0/vscode-extension
DeepCode extension for Visual Studio Code
henryzz0/vulfocus
🚀 Vulfocus is a vulnerability integration platform: drop in Docker images of vulnerable environments and they are ready to use, out of the box.
henryzz0/waflab
A web-based testing platform for WAF (Web Application Firewall)'s correctness
henryzz0/WhatTheHack
A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates.