SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Damn Vulnerable Web Application (DVWA)

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A curated list of resources for learning about application security

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspber…

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

Ruby on Rails Phishing Framework

Kaspersky's GReAT KLara

Self-hosted Knowledge Software your question & answer system written on top of the CakePHP Framework

Advanced Web Shell

The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

The new Cuckoo Monitor.

A collection of web pages vulnerable to SQL injection flaws

WackoPicko is a vulnerable web application used to test web application vulnerability scanners.

the main hackademic code repository

CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.

Visualize statistics from a Kippo SSH honeypot

A configurable SQL injection test-bed

A WordPress Theme Inspired by Medium.com

Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers

🍯 A simple and effective phpmyadmin honeypot

A tool to parse UPnP descriptor XML files and generate SOAP control requests for use with Burp Suite or netcat

WordPress Honeypot

A configurable XPath/XML injection testbed

Wordpress plugin to reduce comment spam with a smarter honeypot.

An active network monitor tool

Remote timing attack exploit against most Zeus/Zbot variants including Citadel, Ice9, Zeus 2.3, KINS/ZeusVM etc..