Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Shell

Rust

Lua

Emacs Lisp

Kotlin

CoffeeScript

Solidity

Go

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Rust

Racket

C++

C

PowerShell

MATLAB

Perl

Kotlin

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇸🇷 Suriname

🇸🇲 San Marino

🇨🇦 Canada

🇬🇾 Guyana

🇷🇼 Rwanda

🇪🇭 Western Sahara

🇲🇻 Maldives

🇨🇺 Cuba

All Countries Compare Countries

foospidy/web-cve-tests

Stars
129
Rank 277,712 (Top 6 %)
Language
Python
Created over 5 years ago
Updated almost 4 years ago

foospidy/web-cve-tests

foospidy

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A simple framework for sending test payloads for known web CVEs.

web-cve-tests

The goal of this tool is to send PoC payloads to verify server-side attack detection solutions. If detected, the server side should return a specified HTTP status code.

This tool is not intended to actually exploit the vulnerability or to test for the existence of the vulnerability.

Usage

Basic:

./webcve.py --url https://target-site.com

Specify detected response code (default is 403):

./webcve.py --url https://target-site.com --status-code 406

Verbose (output CVE descriptions):

./webcve.py --url https://target-site.com -v

Test a single CVE (with example output):

./webcve.py --url https://target-site.com --status-code 406 --cve CVE-2017-9791 -v
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution
via a malicious field value passed in a raw message to the ActionMessage.
        Test passed (406)
        Test passed (406)
        Test passed (406)
        Test passed (406)

Test for a group of CVEs. Groups are defined in groups.json.

./webcve.py --url https://target-site.com --group struts

Test for a group type of CVEs. Types are defined in groups.json.

./webcve.py --url https://target-site.com --type cms

List available groups or types.

./webcve.py --list group

./webcve.py --list type

Contributions

Pull requests are welcome. Please use the existing CVE directories as examples of how you should structure your submission.

payloads

Git All the Payloads! A collection of web attack payloads.

HoneyPy

A low to medium interaction honeypot.

DbDat

Db Database Assessment Tool

GrepBugs

A regex based source code scanner.

ipt-kit

Bash scripts to help setup port redirects with iptables

HoneyMiner

Deploy a honeypot and a crypto currency miner together, so sweet.

GitGrepBugs

Grep Bugs with Git

logstash-input-signalsciences

Logstash input plugin for Signal Sciences requests feed API.

sigsci-sounds

Listen to the soothing sounds of attacks and anomalies detected by the Signal Sciences web protection platform.

CACConsole

A Python based console for managing Cloud at Cost servers via the CaC API

HoneyPy-Docker

Build a HoneyPy Docker Image

GrepBugsRules

fuzzcat

Rudimentary network protocol fuzzer using bash, netcat, and other tools.

honeydb-malware-downloads

Malware samples downloaded from URLs referenced in HoneyDB data.

GrepBugsPluginNotepadPlusPlus

GrepBugs Plugin for Notepad++

sigsci-power-rules

Rule packs for Signal Sciences power rules platform.

XSSwat

Chrome extension to prevent visiting web pages that are known to be vulnerable to XSS.

web-threat-hunting

Utility scripts to assist with threat hunting in web applications.

cryptoflow

Crypto Flow - Airflow tasks for buying the dip and dollar cost averaging

sigsci-admin

Signal Sciences Admin Tool

XSSwat-SG

XSSwat Signature Generator

HoneyPyPi

Setup script to make your Raspberry Pi a HoneyPy honeypot.

pysigsci

Python module for Signal Sciences

sigsci-ad-sync

A helper script for synchronizing AD group users to SigSci site members.

sigsci-docker-brew

Install and setup of a docker image for running Signal Sciences in reverse proxy mode on OSX

GrepBugsPluginEclipse

GrepBugs Plugin for Eclipse

clilib

A library of emulated command line commands.

sigsci-country-block

Signal Sciences Block Attacking IP Addresses by Country

DockerDev-Python

Docker build for Python dev.

DockerDev-Php

Docker build for PHP dev.

DockerDev-PWS

Docker build for Pivotal PWS dev.

dtxt

Grab data in dynamic-text.dat from iTunes backup

DockerDev-Ansible

Docker build for Ansible dev.

sigsci-helper-scripts

A collection of helper scripts for Signal Sciences

sigsci-syslog-webhook

A cloud function to forward Signal Sciences webhook messages to syslog

DockerDev-Bluemix

Docker build for IBM Bluemix dev.

DockerTunnel-Mysql

Docker build for SSH tunneling to a Mysql server.