SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

An open-source, self-hostable PaaS alternative to Vercel, Heroku & Netlify that lets you easily deploy static sites, databases, full-stack applications and 280+ one-click services on your own servers.

☁️ Nextcloud server, a safe home for all your data

The Symfony PHP framework

Empowering People Ethically 🚀 — Matomo is hiring! Join us → https://matomo.org/jobs Matomo is the leading open-source alternative to Google Analytics, giving you complete control and built-in priva…

Damn Vulnerable Web Application (DVWA)

This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Modern open-source time-tracking app

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

A curated list of resources for learning about application security

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

SuiteCRM - Open source CRM for the world

It counts how many times your GitHub profile has been viewed. Free cloud micro-service.

📅 Easy!Appointments - Self Hosted Appointment Scheduler

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Single-file PHP shell

AWSGoat : A Damn Vulnerable AWS Infrastructure

PHP frontend for security.symfony.com

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…

A php.ini scanner for best security practices

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

Twitter vulnerable snippets

Laravel Ban simplify blocking and banning Eloquent models.

A semi-interactive PHP shell compressed into a single file.

A small collection of vulnerable code snippets

The Secure Coding Dojo is a platform for delivering secure coding knowledge.