563 Open source projects that are alternatives of or similar to sqlinjection-training-app

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A Deliberately Insecure Web Application

Next generation web scanner

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

GitHub Action to set up Fortify ScanCentral Client

🎯 RFI/LFI Payload List

Here you can get full exploit for SAP NetWeaver AS JAVA

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

Deliberately vulnerable scripts for Web Security training

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Full Nuclei automation script with logic explanation.

In progress rough solutions to bWAPP / bee-box

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Web application vulnerability scanner

w3af: web application attack and audit framework, the open source web vulnerability scanner.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

A container repository for my public web hacks!

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Source code for Hacker101.com - a free online web and mobile security class.

Some good resources for getting started with application security

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

A Ruby micro-framework for writing and running exploits

CTF中Pwn的快速利用模板（包含awd pwn）

An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

An overlay attack example

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Blazing fast, advanced Padding Oracle exploit

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

Framework for rapid development and reusable of security tools

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

图形化漏洞利用集成工具

Powerful dork searcher and vulnerability scanner for windows platform

Rage allows you to execute any file in a Microsoft Office document.

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.

Sandboxed Wrapper for Node.js File System API

Collection of different exploits

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

Authentication bypass for outdated WoW emulation authentication servers

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

A number of scripts POC's and problems solved as pentests move along.

⛷ A collection of hacker scripts.

This powershell script has got to run in remote hacked windows host, even for pivoting

block game military grade radar

My exploitDB.

Nmap and NSE command line wrapper in the style of Metasploit

A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.