Single-file PHP shell

• Updated Aug 11, 2025
• PHP

Hashtopolis - distributed password cracking with Hashcat

• Updated Mar 17, 2026
• PHP

Ruby on Rails Phishing Framework

• Updated Nov 7, 2023
• PHP

WhiteWinterWolf's PHP web shell

• Updated Dec 2, 2017
• PHP

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

• Updated Mar 14, 2026
• PHP

Advanced Web Shell

• Updated May 1, 2017
• PHP

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

• Updated Mar 6, 2026
• PHP

List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.

• Updated Mar 16, 2026
• PHP

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

• Updated Sep 8, 2025
• PHP

Find AWS S3 buckets and test their permissions.

• Updated Mar 28, 2023
• PHP

Graphical Web interface developed to facilitate the use of security information tools.

• Updated Oct 22, 2025
• PHP

Quick SQL Scanner, Dorker, Webshell injector PHP

• Updated Mar 14, 2024
• PHP

Tools and datas related to Bug Bounty.

• Updated Apr 20, 2022
• PHP

Whitebox source code review cheatsheet (Based on AWAE syllabus)

• Updated Feb 16, 2022
• PHP

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

• Updated Dec 9, 2021
• PHP

this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.

• Updated May 25, 2022
• PHP

Ji Yu CasaOSRong Qi Yun Gou Jian De Shen Tou Ce Shi Ping Tai - A Home Cloud Container Platform Built For Learning Penetration And Network Security

• Updated Apr 20, 2024
• PHP

Security testing toolkit for Claude Code: curated SecLists wordlists, injection payloads, and expert agents for authorized pentesting, CTFs, and bug bounties

• Updated Feb 19, 2026
• PHP

A PHP tool to brute force vhost configured on a server.

• Updated Dec 2, 2022
• PHP

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

• Updated Sep 15, 2022
• PHP