A PHP parser written in PHP

This is a webshell open source project

SQLI labs to test error based, Blind boolean based, Time based.

一个想帮你总结所有类型的上传漏洞的靶场

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

A single page file explorer that can be hosted on static website. 吾爱破解论坛 爱盘 https://down.52pojie.cn/ 页面的源代码

A collection of PHP backdoors. For educational or testing purposes only.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

WDScanner平台目前实现了如下功能：分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。

Webshell && Backdoor Collection

一个关于PHP的代码审计项目

Pwn stuff.

Cacti ™

CMS漏洞测试用例集合

PHP代码审计分段讲解

一个各种方式突破Disable_functions达到命令执行的shell

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

OpenSource Poc && Vulnerable-Target Storage Box.

Clone of svn repository of http://insecurety.net/projects/web-malware/ project

网站目录

Windows杀软在线对比辅助

跟踪真实漏洞相关靶场环境搭建

A PHP-based sandboxing library with a full suite of configuration and validation options.

procfs-based PHP sandbox bypass

Make XSS Great Again

Socket HTTP Client

A PoC for exploiting Guzzle's HTTP_PROXY untrusted read

A webshell helps script kiddies to bypass disable_functions