SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

PHP Static Analysis Tool - discover bugs in your code without running it!

SuiteCRM - Open source CRM for the world

Collection of CTF Web challenges I made

Command-line control panel for Nginx Server to manage WordPress sites running on Nginx, PHP, MySQL, and Let's Encrypt

A database of PHP security advisories

Pwn stuff.

CMS漏洞测试用例集合

YAK Pro - Php Obfuscator

A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

Nano is a family of PHP web shells which are code golfed for stealth.

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container

分享PHP WebShell 绕过WAF 的一些经验 Share some experience about PHP WebShell bypass WAF and Anti-AV

Bucky (An automatic S3 bucket discovery tool)

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsiv…

Bug Bounty statistics tool.

tooltoys for pentest