SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

☁️ Nextcloud server, a safe home for all your data

Damn Vulnerable Web Application (DVWA)

A PHP Blogging Platform. Simple and Powerful.

This is a webshell open source project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

☁️ ownCloud web server core (Files, DAV, etc.)

SQLI labs to test error based, Blind boolean based, Time based.

一个想帮你总结所有类型的上传漏洞的靶场

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

A single page file explorer that can be hosted on static website. 吾爱破解论坛 爱盘 https://down.52pojie.cn/ 页面的源代码

A collection of PHP backdoors. For educational or testing purposes only.

Webshell && Backdoor Collection

CMS漏洞测试用例集合

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up t…

收集一些小型实用的工具

Security technique research and some funny work on it !

OWASP Broken Web Applications Project

complex webshell manager, quasi-http botnet.

A web interface to automate Scanning, Generating metasploit payload, Network Testing,Exploring CMS,Information Gathering and much more

thinkphp反序列化漏洞复现及POC编写

A set of XSS vulnerable PHP scripts for testing

HRSRC是一个安全响应平台，基于SRCMS二次开发的