SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

This is a webshell open source project

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspber…

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting infor…

a tool to get Facebook data, and some Facebook bots, and extra tools found on Facebook Toolkit ++.

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

Vulnerable API

RIPS - A static source code analyser for vulnerabilities in PHP scripts

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

A PHP tool to brute force vhost configured on a server.

PHPEB is a small tool that generates and stores obfuscated shellcode in user specified EXIF handlers.

Here Are Some Bug Bounty Resource From Twitter

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

OWASP ASVS Assessment Tool