SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

WordPress, Git-ified. This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit pull requests to https://github.com/WordPress/wordpress-devel…

PHP Static Analysis Tool - discover bugs in your code without running it!

A PHP Blogging Platform. Simple and Powerful.

This is a webshell open source project

Damn Vulnerable Web Application (DVWA)

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

SQLI labs to test error based, Blind boolean based, Time based.

This repo is archived. Thanks for wooyun! 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops

一个想帮你总结所有类型的上传漏洞的靶场

一个好玩的Web安全-漏洞测试平台

ThinkPHP Framework

Collection of CTF Web challenges I made

A single page file explorer that can be hosted on static website. 吾爱破解论坛 爱盘 https://down.52pojie.cn/ 页面的源代码

The Phoronix Test Suite open-source, cross-platform automated testing/benchmarking software.

WDScanner平台目前实现了如下功能：分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

CMS漏洞测试用例集合

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

PHP代码审计分段讲解

构建并优化高效的渗透测试字典集合，以提升网络安全从业人员的测试效率和效果。

DoraBox - Basic Web Vulnerability Training

OpenSource Poc && Vulnerable-Target Storage Box.

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

CrackStation.net's Lookup Table Implementation.

RIPS - A static source code analyser for vulnerabilities in PHP scripts

OWASP Broken Web Applications Project

Web漏洞渗透测试靶场