SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

Dependency Manager for PHP

Damn Vulnerable Web Application (DVWA)

A PHP parser written in PHP

WordPress starter theme with Laravel Blade components and templates, Tailwind CSS, and block editor support

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Collection of CTF Web challenges I made

2019 年 5 月 11 日防灾科技学院 “应急挑战杯” 大学生网络安全邀请赛 AWD 靶机题目。

AoiAWD-专为比赛设计，便携性好，低权限运行的EDR系统。

A powerful PHP WAF for AWD

一个好玩的Web安全-漏洞测试平台

SQLI labs to test error based, Blind boolean based, Time based.

一个各种方式突破Disable_functions达到命令执行的shell

针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具

字节跳动 CTF 2021 线下决赛的一道 Web 题源码，主要考察 SSRF

国光的手把手带你用 SSRF 打穿内网靶场源码

Webshell && Backdoor Collection

CMS漏洞测试用例集合

Track user interactions without JavaScript ✨