Alternatives and similar repositories for skf-labs

Users that are interested in skf-labs are comparing it to the libraries listed below

• incredibleindishell / SSRF_Vulnerable_Lab

  View on GitHub
  This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
  ☆758Aug 21, 2023Updated 2 years ago
• blabla1337 / skf-flask

  View on GitHub
  Security Knowledge Framework (SKF) Python Flask / Angular project
  ☆827Mar 12, 2024Updated last year
• globocom / secDevLabs

  View on GitHub
  A laboratory for learning secure web and mobile development in a practical manner.
  ☆971Sep 25, 2024Updated last year
• wetw0rk / AWAE-PREP

  View on GitHub
  This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with t…
  ☆930Jan 6, 2025Updated last year
• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,360Jan 24, 2021Updated 5 years ago
• doyensec / burpdeveltraining

  View on GitHub
  Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
  ☆357Oct 14, 2020Updated 5 years ago
• TROUBLE-1 / White-box-pentesting

  View on GitHub
  This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities
  ☆93Jun 11, 2023Updated 2 years ago
• snoopysecurity / dvws-node

  View on GitHub
  Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API re…
  ☆503Jan 26, 2026Updated 2 weeks ago
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,360Feb 15, 2025Updated last year
• timip / OSWE

  View on GitHub
  OSWE Preparation
  ☆658Jul 25, 2022Updated 3 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,770Apr 26, 2024Updated last year
• GoSecure / template-injection-workshop

  View on GitHub
  Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
  ☆127Jan 10, 2023Updated 3 years ago
• redcode-labs / UnChain

  View on GitHub
  A tool to find redirection chains in multiple URLs
  ☆78Jan 1, 2025Updated last year
• Security-Knowledge-Framework / Labs

  View on GitHub
  Monorepo of Labs for the Security Knowledge Framework (SKF)
  ☆42Jun 12, 2025Updated 8 months ago
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,042Aug 14, 2024Updated last year
• TROUBLE-1 / Type-juggling

  View on GitHub
  Lab that will help you to understand how type juggling vulnerability works.
  ☆22Sep 23, 2020Updated 5 years ago
• ScaleSec / vulnado

  View on GitHub
  Purposely vulnerable Java application to help lead secure coding workshops
  ☆191Jun 24, 2024Updated last year
• ethicalhackingplayground / ssrf-tool

  View on GitHub
  ☆145Jul 25, 2022Updated 3 years ago
• Shivangx01b / CorsMe

  View on GitHub
  Cross Origin Resource Sharing MisConfiguration Scanner
  ☆173Nov 17, 2021Updated 4 years ago
• m4ll0k / BBTz

  View on GitHub
  BBT - Bug Bounty Tools (examples💡)
  ☆1,881Apr 5, 2024Updated last year
• Josue87 / gotator

  View on GitHub
  Gotator is a tool to generate DNS wordlists through permutations.
  ☆503Jul 17, 2022Updated 3 years ago
• optiv / mobile-nuclei-templates

  View on GitHub
  ☆435Jun 1, 2021Updated 4 years ago
• 10goto20 / seltzer

  View on GitHub
  A Burp Suite extension for headless, unattended scanning.
  ☆36Jun 24, 2020Updated 5 years ago
• GerbenJavado / LinkFinder

  View on GitHub
  A python script that finds endpoints in JavaScript files
  ☆4,280Apr 13, 2024Updated last year
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,484Oct 12, 2024Updated last year
• jbarone / xxelab

  View on GitHub
  A simple web app with a XXE vulnerability.
  ☆230Nov 10, 2021Updated 4 years ago
• ssl / ezXSS

  View on GitHub
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆2,239Jan 8, 2026Updated last month
• 0xdekster / ReconNote

  View on GitHub
  Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security prof…
  ☆416Nov 24, 2020Updated 5 years ago
• harsh-bothra / learn365

  View on GitHub
  This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
  ☆1,691Jun 20, 2022Updated 3 years ago
• boku7 / gsCMS-CustomJS-Csrf2Xss2Rce

  View on GitHub
  GetSimple CMS Custom JS Plugin Exploit RCE Chain
  ☆11Mar 8, 2023Updated 2 years ago
• JoyGhoshs / skf-cli

  View on GitHub
  CLI Version of SKF Labs
  ☆14Oct 3, 2023Updated 2 years ago
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,167May 26, 2023Updated 2 years ago
• gwen001 / pentest-tools

  View on GitHub
  A collection of custom security tools for quick needs.
  ☆3,286May 1, 2023Updated 2 years ago
• ameenmaali / qsinject

  View on GitHub
  qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.
  ☆30May 6, 2020Updated 5 years ago
• BuffaloWill / oxml_xxe

  View on GitHub
  A tool for embedding XXE/XML exploits into different filetypes
  ☆1,129Dec 16, 2024Updated last year
• gquere / pwn_jenkins

  View on GitHub
  Notes about attacking Jenkins servers
  ☆2,090Jul 10, 2024Updated last year
• ticarpi / jwt_tool

  View on GitHub
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,357May 1, 2025Updated 9 months ago
• trickest / mgwls

  View on GitHub
  Combine words from two wordlist files and concatenate them with an optional delimiter
  ☆38Sep 25, 2023Updated 2 years ago
• appsecco / dvna

  View on GitHub
  Damn Vulnerable NodeJS Application
  ☆758Mar 27, 2024Updated last year