Starred repositories
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
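DooTask is an open-source online project and task management tool that provides document collaboration tools, online mind maps, online flowcharts, project management, task distribution, instant messaging (IM), file management and other tools; its messaging feature also uses asymmetric encryption to make your communication more secure.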
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
Collection of CTF Web challenges I made
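The WDScanner platform currently implements the following features: distributed web vulnerability scanning, customer management, scheduled vulnerability scanning, subdomain enumeration, port scanning, website crawling, hidden-link detection, broken-link detection, website fingerprint collection, targeted vulnerability detection, and proxy collection and deployment.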
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!
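Build and optimize efficient penetration-testing fuzz dictionaries to improve the penetration testing efficiency of network security practitioners.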
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
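A shell that achieves command execution by bypassing Disable_functions in various ways.
Sensitive word detection, prohibited word filtering, sensitive word filtering, sensitive word lexicon; one-click startup, runs locally, private deployment, integration completed in 1 minute, works out of the box, supports Docker, supports an online API.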
Multi-language web CGI interfaces exploits.
Reference: http://www.secgeek.net/bookfresh-vulnerability/
Audit your PHP version for known CVEs and patches