SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

Some of my exploits.

An Instagram-clone with my own flavors and features. Own the project with 5 simple steps!! 📸💝☢️ - No longer maintained.

Simple php reverse shell implemented using binary .

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Find AWS S3 buckets and test their permissions.

The "bot" component of the PlugBot project

鱼儿在cs上线后自动收杆|Automatically stop fishing in javascript after the fish is hooked

A simple Facebook Messenger Bot written in PHP that tells current time

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

🐘 PHP based download accelerator ⏬

Emoncms App module: application specific dashboards: includes myelectric, mysolarpv, myheatpump and solar + wind app.

Webshell Jumping Edition

Scripts for Analysis of a RCE in Moodle Calculated Questions (CVE-2024-43425)

A php script to automatically generate json translation files for html files containing jquery.i18n's DATA Api

basic ransomware for web server just need to do an RFI or LFI vuln upload

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), R…