Convert Figma logo to code with AI

disclose logodiodb

Open-source vulnerability disclosure and bug bounty program database

1,018
318
1,018
17

Top Related Projects

33,988

Automatic SQL injection and database takeover tool

Find, verify, and analyze leaked credentials

23,063

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

62,434

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Quick Overview

DIO DB is an open-source database of digital input/output (DIO) pins for various microcontrollers and single-board computers. It aims to provide a comprehensive and standardized reference for hardware developers and enthusiasts working with embedded systems.

Pros

  • Extensive collection of DIO pin information for multiple platforms
  • Standardized format for easy integration and comparison
  • Community-driven project, allowing for frequent updates and additions
  • Useful for both beginners and experienced developers in embedded systems

Cons

  • May not always be up-to-date with the latest hardware releases
  • Potential for inaccuracies due to community contributions
  • Limited to DIO information, excluding other hardware-specific details
  • Requires manual verification for critical applications

Getting Started

To use the DIO DB repository:

  1. Clone the repository:

    git clone https://github.com/disclose/diodb.git
    
  2. Navigate to the desired platform folder (e.g., arduino, raspberry-pi, etc.).

  3. Open the JSON file for the specific board you're interested in.

  4. Use the information in your projects or integrate it into your development tools.

Competitor Comparisons

33,988

Automatic SQL injection and database takeover tool

Pros of sqlmap

  • More comprehensive and feature-rich SQL injection testing tool
  • Actively maintained with frequent updates and bug fixes
  • Supports a wide range of database management systems

Cons of sqlmap

  • Larger codebase, potentially more complex to use and contribute to
  • May be considered overkill for simple SQL injection testing scenarios
  • Requires more system resources due to its extensive functionality

Code Comparison

sqlmap (Python):

def getFingerprint(self):
    value = ""
    wsOsFp = Format.getOs("web server", kb.headersFp)
    if wsOsFp:
        value += "%s\n" % wsOsFp
    return value

diodb (Ruby):

def get_fingerprint
  value = ""
  ws_os_fp = Format.get_os("web server", kb.headers_fp)
  value += "#{ws_os_fp}\n" if ws_os_fp
  value
end

Both projects implement similar functionality for fingerprinting, but sqlmap's codebase is more extensive and complex compared to diodb's simpler approach.

Find, verify, and analyze leaked credentials

Pros of Trufflehog

  • More actively maintained with frequent updates and contributions
  • Supports a wider range of secret types and scanning targets
  • Offers both CLI and API usage, providing greater flexibility

Cons of Trufflehog

  • Potentially more complex to set up and configure
  • May produce more false positives due to its extensive scanning capabilities
  • Requires more system resources for large-scale scans

Code Comparison

Trufflehog (Python):

def find_strings(blob, rules):
    for rule in rules:
        found_strings = rule.check(blob)
        for string in found_strings:
            yield string

Diodb (Go):

func FindSecrets(content []byte) []Secret {
    var secrets []Secret
    for _, detector := range detectors {
        secrets = append(secrets, detector.Find(content)...)
    }
    return secrets
}

Both projects aim to detect secrets in code repositories, but they differ in implementation languages and specific approaches. Trufflehog offers more extensive features and customization options, while Diodb focuses on simplicity and ease of use. The code snippets demonstrate their core functionality of iterating through detectors or rules to find potential secrets in the given content.

23,063

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Pros of Nuclei

  • More active development with frequent updates and contributions
  • Extensive library of pre-built templates for various security checks
  • Supports multiple protocols and technologies beyond just web applications

Cons of Nuclei

  • Steeper learning curve due to its more complex template system
  • Requires more system resources for large-scale scans
  • May produce more false positives in certain scenarios

Code Comparison

Nuclei template example:

id: example-template
info:
  name: Example Template
  severity: info
requests:
  - method: GET
    path:
      - "{{BaseURL}}/example"
    matchers:
      - type: word
        words:
          - "Example Response"

DioDB query example:

SELECT * FROM vulnerabilities 
WHERE cve_id = 'CVE-2021-1234' 
AND affected_product LIKE '%Apache%';

Key Differences

  • Nuclei focuses on active scanning and template-based vulnerability detection
  • DioDB is a database of known vulnerabilities, providing a queryable interface
  • Nuclei is more suited for real-time security assessments
  • DioDB is better for historical vulnerability research and tracking

Use Cases

  • Nuclei: Security testing, vulnerability scanning, and penetration testing
  • DioDB: Vulnerability management, threat intelligence, and risk assessment

Both tools serve different purposes in the security ecosystem, with Nuclei being more hands-on for active testing and DioDB providing a comprehensive vulnerability knowledge base.

62,434

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Pros of SecLists

  • Larger and more comprehensive collection of wordlists and payloads
  • More actively maintained with frequent updates
  • Widely recognized and used in the security community

Cons of SecLists

  • Can be overwhelming due to its size and variety of lists
  • May include outdated or less relevant entries in some lists
  • Requires more storage space and longer download times

Code Comparison

SecLists:

admin
password
123456
root
qwerty

diodb:

admin
password
123456
root
letmein

Summary

SecLists is a more extensive and frequently updated repository, offering a wide range of wordlists and payloads for various security testing purposes. It's well-known in the security community but can be overwhelming due to its size.

diodb, on the other hand, is a smaller and more focused repository, primarily containing common credentials and wordlists. It's easier to navigate and requires less storage space, but may not offer the same breadth of content as SecLists.

Both repositories serve similar purposes in providing resources for security testing, with SecLists being more comprehensive and diodb being more concise and manageable.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pros of PayloadsAllTheThings

  • More comprehensive coverage of various attack vectors and techniques
  • Regularly updated with new payloads and methodologies
  • Well-organized structure with clear categorization of payloads

Cons of PayloadsAllTheThings

  • May be overwhelming for beginners due to the vast amount of information
  • Lacks a standardized format for payload entries across different categories

Code Comparison

PayloadsAllTheThings (SQL Injection example):

' OR '1'='1
' OR 1=1--
' UNION SELECT NULL,NULL,NULL--

diodb (SQL Injection example):

' OR 1=1--
' UNION SELECT username,password FROM users--

Summary

PayloadsAllTheThings offers a more extensive collection of payloads and attack techniques compared to diodb. It covers a wider range of security topics and is frequently updated. However, diodb may be more approachable for beginners due to its simpler structure and focused content. Both repositories provide valuable resources for security professionals and enthusiasts, with PayloadsAllTheThings being more suitable for advanced users looking for a comprehensive reference, while diodb might be preferable for those seeking a more concise and straightforward resource.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Pros of CheatSheetSeries

  • Comprehensive coverage of various security topics
  • Regularly updated with community contributions
  • Well-structured and easy to navigate

Cons of CheatSheetSeries

  • Primarily text-based, lacking interactive elements
  • May be overwhelming for beginners due to extensive content

Code Comparison

CheatSheetSeries (XML-based content):

<cheatsheet>
  <title>Authentication Cheat Sheet</title>
  <section>
    <sectionTitle>Introduction</sectionTitle>
    <paragraph>Authentication is the process of verifying...</paragraph>
  </section>
</cheatsheet>

diodb (JSON-based data):

{
  "name": "CVE-2021-44228",
  "description": "Apache Log4j2 2.0-beta9 through 2.15.0...",
  "severity": "Critical",
  "affected_versions": ["2.0-beta9", "2.0-rc1", "2.0-rc2", "2.0", "2.1"]
}

Summary

CheatSheetSeries offers a wide range of security-related content in an organized format, making it an excellent resource for security professionals and developers. However, its text-heavy nature may be less engaging for some users. diodb, on the other hand, focuses on providing structured vulnerability data, which can be more suitable for integration into security tools and automated processes.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

The disclose.io Database (diodb)

A true, community-powered, vendor agnostic directory of all known VDP and BBPs, contact details, policy location, preferred languages, and the status of:

  • Safeharbor
  • Availability rewards, hall of fame, swag
  • Disclosure policy

Disclose.io Vulnerability, VDP, and Bug Bounty Program Database

Quick links

PurposeLink
Search through the database front-endhttps://disclose.io/programs
Download the raw database in .json formathttps://github.com/disclose/diodb/raw/master/program-list.json
Generate your own Vulnerability Disclosure Programhttps://policymaker.disclose.io/
Join disclose.io Community Forumhttps://community.disclose.io
Learn more about Vulnerability Disclosure Programs (VDP)https://github.com/disclose/dioterms

Why does diodb exist?

diodb exists to drive the adoption of Safe Harbor for hackers and promote the cybersecurity posture of early adopters, simplify the process of finding the right contacts and channel at an organization, and help both finders and vendors align around the expectations of engagement. It also provides a simple, vendor-agnostic point of engagement for program operators, potential program operators, and the security community to maintain updates to their program.

How to Contribute

Contributions are very welcome! You may add a new program or update an existing one by either opening an issue or a pull request.

Open an Issue

or

Follow the contribution guidelines to prepare and open a Pull Request

License

Creative Commons License
disclose by disclose.io is licensed under a Creative Commons Attribution 4.0 International License.