Stars
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
A curated list of resources for learning about application security
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications
SQLI labs to test error based, Blind boolean based, Time based.
Community-based GPL-licensed network monitoring system
Bolt is a simple CMS written in PHP. It is based on Silex and Symfony components, uses Twig and either SQLite, MySQL or PostgreSQL.
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
Collection of CTF Web challenges I made
A database of PHP security advisories
Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
Detect potentially malicious PHP files
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…
A laboratory for learning secure web and mobile development in a practical manner.
Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
🎯 PHP / ASP - Shell Backdoor List 🎯
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.