SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

一个想帮你总结所有类型的上传漏洞的靶场

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

A collection of PHP backdoors. For educational or testing purposes only.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

一个关于PHP的代码审计项目

Pwn stuff.

CMS漏洞测试用例集合

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

PHP代码审计分段讲解

A semi-interactive PHP shell compressed into a single file.

国内各大CTF赛题及writeup整理

针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具

Multi-language web CGI interfaces exploits.

Windows杀软在线对比辅助

跟踪真实漏洞相关靶场环境搭建

Chrome < 62 uxss exploit (CVE-2017-5124)

收集各种各样的exp