SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

An open-source & self-hostable Heroku / Netlify / Vercel alternative.

The classic email sending library for PHP

Firefly III: a personal finances manager

PHP Static Analysis Tool - discover bugs in your code without running it!

WordPress starter theme with Laravel Blade components and templates, Tailwind CSS, and block editor support

Damn Vulnerable Web Application (DVWA)

HTML to PDF converter for PHP

PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

This is a webshell open source project

GitHub最全的前端资源汇总仓库（包括前端学习、开发资源、求职面试等）

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A curated list of resources for learning about application security

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

SQLI labs to test error based, Blind boolean based, Time based.

一个好玩的Web安全-漏洞测试平台

一个想帮你总结所有类型的上传漏洞的靶场

《我用爬虫一天时间“偷了”知乎一百万用户，只为证明PHP是世界上最好的语言 》所使用的程序

Simple web interface to manage Redis databases.

📖学习资源整合

Collection of CTF Web challenges I made

Single-file PHP shell

Drush is a command-line shell and scripting interface for Drupal, a veritable Swiss Army knife designed to make life easier for those who spend their working hours hacking away at the command prompt.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

WDScanner平台目前实现了如下功能：分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。

AWSGoat : A Damn Vulnerable AWS Infrastructure

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

Basic layout of a WordPress Git repository. I use this as a base when creating a new repo.

构建优化高效的渗透 fuzz 字典合集

Pwn stuff.