A simple web app with a XXE vulnerability.
☆230Nov 10, 2021Updated 4 years ago
Alternatives and similar repositories for xxelab
Users that are interested in xxelab are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Simple websites vulnerable to Server Side Template Injections(SSTI)☆420Mar 16, 2023Updated 3 years ago
- Practice hacking JWT tokens☆115Sep 8, 2022Updated 3 years ago
- A NoSQL Injectable Node App☆42Jun 8, 2021Updated 4 years ago
- This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack☆775Aug 21, 2023Updated 2 years ago
- ☆250Jun 6, 2018Updated 7 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆113Mar 22, 2024Updated 2 years ago
- Burp Suite extension for parsing Swagger web service definition files☆19Jul 15, 2025Updated 10 months ago
- Simple HS256, HS384 & HS512 JWT token brute force cracker.☆1,174Jul 13, 2024Updated last year
- Damn Vulnerable WordPress☆202Dec 23, 2023Updated 2 years ago
- Bash script that creates directories and files to organize a pentesting☆12May 26, 2021Updated 5 years ago
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.☆328Mar 27, 2024Updated 2 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆4,157Apr 21, 2024Updated 2 years ago
- Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn rea…☆459Dec 6, 2021Updated 4 years ago
- Lab that will help you to understand how type juggling vulnerability works.☆22Sep 23, 2020Updated 5 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- small set of scripts to practice exploit XSS and CSRF vulnerabilities☆65Dec 22, 2017Updated 8 years ago
- String or worldlist encoder for use in fuzzing or web application testing☆19Sep 2, 2019Updated 6 years ago
- Labs built in docker to cover NSE lessons☆12Nov 24, 2023Updated 2 years ago
- ☆24Jan 26, 2021Updated 5 years ago
- ☆202Jun 6, 2019Updated 6 years ago
- LDAP Injection Vulnerability Application(Blog Sample Code)☆22Oct 4, 2018Updated 7 years ago
- All known and unknown public POC's for wordpress themes and plugins☆79Jun 23, 2021Updated 4 years ago
- A simple SSRF-testing sheriff written in Go☆338Oct 31, 2024Updated last year
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- A mini webserver with FTP support for XXE payloads☆343Jan 3, 2024Updated 2 years ago
- Repo for OSWE related video content for @SecAura Youtube Channel☆38Feb 21, 2022Updated 4 years ago
- OSWE Preparation☆675Jul 25, 2022Updated 3 years ago
- Local File Inclusion Scanner and Exploiter☆15Dec 28, 2021Updated 4 years ago
- Convert your masscan/subdomain-scan results (80,443,8080) into screenshots for better analysis☆36Jul 10, 2018Updated 7 years ago
- GraphQL security workshop labs☆119Jan 31, 2026Updated 3 months ago
- Enhanced fork with logging, OpenAPI 3.0 and Python 3 for security monitoring workshops☆47Feb 16, 2024Updated 2 years ago
- CTF Writeups☆12Feb 25, 2023Updated 3 years ago
- Check List☆81Jul 16, 2022Updated 3 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.☆1,288Apr 20, 2026Updated last month
- Damn Vulnerable Thick Client App developed in C# .NET☆181Aug 17, 2023Updated 2 years ago
- These are installation notes based on Mayfly's installation notes. They are more streamlined for Vagrant as I did not take the Docker rou…☆27Jun 19, 2024Updated last year
- This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location☆1,367Jan 24, 2021Updated 5 years ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,747Dec 1, 2024Updated last year
- Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.☆40Nov 21, 2025Updated 6 months ago
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities☆94Jun 11, 2023Updated 2 years ago