🐶 A curated list of Web Security materials and resources.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

🎯 SQL Injection Payload List

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

🎯 XML External Entity (XXE) Injection Payload List

An HTTP/HTTPS intercept proxy written in Go.

Twitter vulnerable snippets

Useful Google Dorks for WebSecurity and Bug Bounty

网络安全学习资料，欢迎补充

🎯 PHP / ASP - Shell Backdoor List 🎯

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

🎯 Server Side Template Injection Payloads

🎯 RFI/LFI Payload List

Scrape domain names from SSL certificates of arbitrary hosts