Repo for all the SKF Docker lab examples
☆463Aug 2, 2024Updated last year
Alternatives and similar repositories for skf-labs
Users that are interested in skf-labs are comparing it to the libraries listed below
Sorting:
- This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack☆762Aug 21, 2023Updated 2 years ago
- Security Knowledge Framework (SKF) Python Flask / Angular project☆827Mar 12, 2024Updated last year
- This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with t…☆930Jan 6, 2025Updated last year
- This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location☆1,364Jan 24, 2021Updated 5 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆356Oct 14, 2020Updated 5 years ago
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities☆93Jun 11, 2023Updated 2 years ago
- Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API re…☆502Feb 28, 2026Updated last week
- A curated list of amazingly awesome Burp Extensions☆3,373Feb 17, 2026Updated 3 weeks ago
- OSWE Preparation☆668Jul 25, 2022Updated 3 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,779Apr 26, 2024Updated last year
- Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.☆127Jan 10, 2023Updated 3 years ago
- A tool to find redirection chains in multiple URLs☆78Jan 1, 2025Updated last year
- Monorepo of Labs for the Security Knowledge Framework (SKF)☆42Jun 12, 2025Updated 8 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆6,089Aug 14, 2024Updated last year
- Lab that will help you to understand how type juggling vulnerability works.☆22Sep 23, 2020Updated 5 years ago
- ☆145Jul 25, 2022Updated 3 years ago
- Cross Origin Resource Sharing MisConfiguration Scanner☆172Nov 17, 2021Updated 4 years ago
- BBT - Bug Bounty Tools (examples💡)☆1,880Apr 5, 2024Updated last year
- Gotator is a tool to generate DNS wordlists through permutations.☆507Jul 17, 2022Updated 3 years ago
- A python script that finds endpoints in JavaScript files☆4,297Apr 13, 2024Updated last year
- ☆437Jun 1, 2021Updated 4 years ago
- A Burp Suite extension for headless, unattended scanning.☆36Jun 24, 2020Updated 5 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,482Oct 12, 2024Updated last year
- A simple web app with a XXE vulnerability.☆232Nov 10, 2021Updated 4 years ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.☆2,244Jan 8, 2026Updated 2 months ago
- Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security prof…☆417Nov 24, 2020Updated 5 years ago
- This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.☆1,692Jun 20, 2022Updated 3 years ago
- GetSimple CMS Custom JS Plugin Exploit RCE Chain☆11Mar 8, 2023Updated 3 years ago
- CLI Version of SKF Labs☆14Oct 3, 2023Updated 2 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,171May 26, 2023Updated 2 years ago
- A collection of custom security tools for quick needs.☆3,284May 1, 2023Updated 2 years ago
- qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.☆30May 6, 2020Updated 5 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,130Dec 16, 2024Updated last year
- Notes about attacking Jenkins servers☆2,090Jul 10, 2024Updated last year
- Combine words from two wordlist files and concatenate them with an optional delimiter☆38Sep 25, 2023Updated 2 years ago
- A toolkit for testing, tweaking and cracking JSON Web Tokens☆6,402May 1, 2025Updated 10 months ago
- The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, f…☆4,352Sep 30, 2024Updated last year
- Damn Vulnerable NodeJS Application☆764Mar 27, 2024Updated last year
- Web App bug hunting☆578Nov 26, 2025Updated 3 months ago