SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

This is a webshell open source project

Collection of CTF Web challenges I made

A small collection of vulnerable code snippets

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Toolkit to detect and keep track on Blind XSS, XXE & SSRF

Whitebox source code review cheatsheet (Based on AWAE syllabus)

This web application is a demonstration of common server-side application flaws. Each of the vulnerabilities has its own difficulty rating.

This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities

It is a DVWA with some plugins based on real wooyun bug reports

Case for CVE-2022-30778

A Courier Service Management Web Application using PHP/MySQL

bug bounty

Webcam phishing and IP logger connect with Discord webhook.

Writeup of what I'm learning with PentesterLab's Bootcamp

Few examples of sql injection for an upcoming presentation on the topic.