SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Damn Vulnerable Web Application (DVWA)

This is a webshell open source project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Postman汉化中文版

ThinkPHP3.2 ——基于PHP5的简单快速的面向对象的PHP框架

Collection of CTF Web challenges I made

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

h-m-m, or Hackers Mind Map, is a simple, fast, keyboard-centric terminal-based tool for working with mind maps.

WDScanner平台目前实现了如下功能：分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。

Webshell && Backdoor Collection

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

一个关于PHP的代码审计项目

构建优化高效的渗透 fuzz 字典合集

一个漏洞扫描器粘合剂,添加目标后30款工具自动调用；支持 web扫描、系统扫描、子域名收集、目录扫描、主机扫描、主机发现、组件识别、URL爬虫、XRAY扫描、AWVS自动扫描、POC批量验证，SSH批量测试、vulmap。

Pwn stuff.

CMS漏洞测试用例集合

PHP代码审计分段讲解

PHP版本的离线IP地址定位库

码小六 - GitHub 代码泄露监控系统

Various webshells. We accept pull requests for additions to this collection.

AppSec Payloads Arsenal for Pentration Tester and Bug Bounty Hunters

ThinkPHP漏洞综合利用工具, 图形化界面, 命令执行, 一键getshell, 批量检测, 日志遍历, session包含,宝塔绕过

Wikitten is a small, fast, PHP wiki, and the perfect place to store your notes, code snippets, ideas, and so on.

一个经典的XSS渗透管理平台

Exploitation for XSS

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

OpenSource Poc && Vulnerable-Target Storage Box.

适用于一线安服的ctf培训题目，全docker环境一键启动