SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

The classic email sending library for PHP

WordPress, Git-ified. This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit pull requests to https://github.com/WordPress/wordpress-devel…

Damn Vulnerable Web Application (DVWA)

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

PrestaShop is the universal open-source software platform to build your e-commerce solution.

Main repository for pfSense

Home of the Joomla! Content Management System

一个想帮你总结所有类型的上传漏洞的靶场

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspber…

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

Webshell && Backdoor Collection

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Various webshells. We accept pull requests for additions to this collection.

A semi-interactive PHP shell compressed into a single file.

iCloud Apple iD BruteForcer

A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.

Exploitation for XSS

TCExam is a CBA (Computer-Based Assessment) system (e-exam, CBT - Computer Based Testing) for universities, schools and companies, that enables educators and trainers to author, schedule, deliver, …

Anahita is a platform and framework for developing open science and knowledge sharing applications on a social networking foundation.

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container

Simple php reverse shell implemented using binary .

Find AWS S3 buckets and test their permissions.

A collection of web pages vulnerable to SQL injection flaws

RIPS - A static source code analyser for vulnerabilities in PHP scripts

The "bot" component of the PlugBot project

A PHP based membership (registration/login) code