SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

PHP Static Analysis Tool - discover bugs in your code without running it!

Damn Vulnerable Web Application (DVWA)

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

SQLI labs to test error based, Blind boolean based, Time based.

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Simple web interface to manage Redis databases.

Async PHP client API for the telegram MTProto protocol

Collection of CTF Web challenges I made

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

一个关于PHP的代码审计项目

Pwn stuff.

PHP代码审计分段讲解

构建并优化高效的渗透 Fuzz 字典，提升网络安全从业人员的渗透测试效率。

🎵 Provides a composer plugin for normalizing composer.json.

A PHP proxy script with https and post support

A laboratory for learning secure web and mobile development in a practical manner.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

PHP Secure Configuration Checker

Exploitation for XSS

Kaspersky's GReAT KLara

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

Work in progress...

Some of my exploits.

Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities. NOTE: This project is o…

Experimental fuzzer for PHP libraries

🏆 A full-stack component-based MVC kernel for PHP that helps you write powerful and modern web applications. Write less, have cleaner code and your work will bring you joy.

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex