Security enthusiast Love to learn Linux, PHP and exploit development
SSRF_Vulnerable_Lab. This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
780CORS-vulnerable-Lab. Sample vulnerable code and its exploit code
190sqlite-lab. This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
159Windows-AD-environment-related. This Repository contains the stuff related to windows Active directory environment exploitation
154exploit-code-by-me. Exploit code developed/reproduced by me
89CORS_vulnerable_Lab-Without_Database. PHP
66PHP-web-shells. when i started web application security testing, i fall in love with web shell development and designed some PHP based web shells. This repository contains all my codes which i released in public.
62LDAP-credentials-collector-backdoor-generator. This script generate backdoor code which log username password of an user who have passed HTTP basic auth using LDAP credentials.
59Local-file-disclosure-SQL-Injection-Lab. This is sample code to demonstrate how one can use SQL Injection vulnerability to download local file from server in specific condition. If you have any doubt, ping me at https://twitter.com/IndiShell1046 :)
42good-read. Repository for study material including ebooks, URLs, web pages etc
24Certi-Bhai. AD CS exploitation related stuff goes here
24axis_web_shell. This repo contains Axis web shells
18Mannu-Shell. Mannu Shell is PHP web based shell. This code is meant for performing server side file manipulation and other stuffs. Its backdoor free and user friendly.
17Magento-shoplift-python-exploit. Magento shoplift exploit is vulnerability which was discovered by CheckPoint team (http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/) This python script developed by joren but it was having some bug because of which it was not working properly. If magento version is vulnerable, this script will create admin account with username forme and password forme
13hash-cracker-ICA. Just an experiment with hash cracking :) few password lists along with some good password cracking rule sets.
13ysoserial.net-complied. This repository contains complied exe of ysoserial.net ( ys.exe in directory ysoserial/bin/Debug). This work belongs to @pwntester bhai ji \m/
12Red_Team_Op. Notes for the CRTO exam
10Random. This repo contains random stuffs
7SQLI_b0x. PHP
7Panda-sql-injector. API for SQLmap sql injection tool. This tool is developed by my friend incredible.
6SQLI-Lab_b0x. This repository contains sample SQL Injection vulnerable code which are not straight forward.
5weblogic-exploits. POC codes related to Oracle WebLogic server
5XXE_Vulnerable_codes. Sample codes vulnerable to XXE
4Certipy-JSON-Viewer. Python
4network-wala-jugaad.
3sh. b374k php web shell
3RedTeam-Tools. Tools and Techniques for Red Team / Penetration Testing
3insert_SQLI. SQL Injection in Insert query. Application is not throwing SQL server error messages.
1writeups. CTF writeups and the like
1mannu-shell-jump-tester. These codes are for checking read permission on website document root directory for other user in shared server environment.
1mysql-brute-forcer. MySQL brute forcer is a PHP based script which perform mysql user account bruteforcing locally. This code is developed by one of my friend and for Educational purpose only.
1pentest-book.
1Penetration-Testing-Grimoire. Custom Tools and Notes from my own Penetration Testing Experience
1lpeworkshop. Windows / Linux Local Privilege Escalation Workshop
1jexboss. JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
1