递归式寻找域名和api。

Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Active Directory certificate abuse.

Examples of using Python for Twitter social data mining, using the python-twitter-tools framework.

Gospider - Fast web spider written in Go

A simple web app with a XXE vulnerability.

Integrated web scraper and email account data breach comparison tool

HTTPLeaks - All possible ways, a website can leak HTTP requests

Building an Active Directory domain and hacking it

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

Attack and defend active directory using modern post exploitation adversary tradecraft activity

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Template-based docx report creation

Rewrite of the popular wireless network auditor, "wifite"

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

A collective list of public APIs for use in security. Contributions welcome

A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

Shared lists of problem domains people may want to block with hosts files

What the f*ck Python? 😱

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Awesome Vulnerable Applications

Infection Monkey - An open-source adversary emulation platform

Night mode for the Portainer UI

A spiky Australian bug hunter

Test of asynchronous flask communication with web page.

Simple PHP webshell with a JPEG header to bypass weak image verification checks

WhiteWinterWolf's PHP web shell