SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

WordPress, Git-ified. This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit pull requests to https://github.com/WordPress/wordpress-devel…

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

PHP client library for reCAPTCHA, a free service to protect your website from spam and abuse.

AWSGoat : A Damn Vulnerable AWS Infrastructure

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…

AppSec Payloads Arsenal for Pentration Tester and Bug Bounty Hunters

PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules and undertake various security tasks, all accessible …

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

Vulnerable API

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Tiny PHP Web shell for executing unix commands from web page

A simple PHP application to learn SQL Injection detection and exploitation techniques.

👮 Security advisories of Nextcloud

An simple bookstore with PHP and MySql

A web API for RSSAC002 data