SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A PHP parser written in PHP

This is a webshell open source project

A curated list of resources for learning about application security

一个想帮你总结所有类型的上传漏洞的靶场

YAK Pro - Php Obfuscator

Ruby on Rails Phishing Framework

Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up t…

Indicators from Unit 42 Public Reports

收集一些小型实用的工具

MASSCAN Web UI

Clone of svn repository of http://insecurety.net/projects/web-malware/ project

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

利用XSS入侵内网(Use XSS automation Invade intranet)

A web interface to automate Scanning, Generating metasploit payload, Network Testing,Exploring CMS,Information Gathering and much more

DOOM是在thorn上实现的分布式任务分发的ip端口漏洞扫描器

PHP Webshell with handy features

A tool for the persistent XSS exploitation with a focus for mobile web browsers

New On Live Web Vul Scan

Web Application Firewall For Limited Exploitation

Fuck You XSS

Bypassing AV using php encryption.