SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

This is a webshell open source project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Webshell && Backdoor Collection

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

Twitter vulnerable snippets

Ruby on Rails Phishing Framework

Visualize statistics from a Kippo SSH honeypot

WSO-Webshell

PoC presented at SOCON-2025 demonstrating the ability to bypass Office documents sandbox using specifically crafted macro