SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Damn Vulnerable Web Application (DVWA)

This is a webshell open source project

A curated list of resources for learning about application security

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Community-based GPL-licensed network monitoring system

phpipam development repository

A collection of PHP backdoors. For educational or testing purposes only.

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspber…

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.

Indicators from Unit 42 Public Reports

Kaspersky's GReAT KLara

A configurable SQL injection test-bed

A Python and ruby script to automate rogue AP process