Alternatives and similar repositories for lfi-labs

Users that are interested in lfi-labs are comparing it to the libraries listed below

• fnord0 / packetstorm.pl

  View on GitHub
  packetstormsecurity.net exploit archive 133ch3r
  ☆24Feb 22, 2011Updated 14 years ago
• NetSPI / MoneyX

  View on GitHub
  MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.
  ☆31May 10, 2016Updated 9 years ago
• SEC642 / modsec

  View on GitHub
  Basic app to practice modsec bypass
  ☆22May 12, 2016Updated 9 years ago
• xillwillx / Mini_Bind_Shell

  View on GitHub
  a CMD shell in masm that listens on port 8080
  ☆12Dec 19, 2020Updated 5 years ago
• Charliedean / Rshell

  View on GitHub
  Working Rsh Client With Bind/Reverse Shell
  ☆19Sep 15, 2015Updated 10 years ago
• LunaM00n / File-Upload-Lab

  View on GitHub
  Damn Vulnerable File Upload V 1.1
  ☆102May 26, 2018Updated 7 years ago
• snoopysecurity / dvws

  View on GitHub
  Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn rea…
  ☆457Dec 6, 2021Updated 4 years ago
• securitypilot / cowmilk

  View on GitHub
  Simple web app for displaying cowrie data in your browser
  ☆12Jun 2, 2016Updated 9 years ago
• ewilded / psychoPATH

  View on GitHub
  psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…
  ☆277Feb 12, 2021Updated 5 years ago
• laplante-sean / vulny

  View on GitHub
  Vulnerable Linux socket game for educational purposes
  ☆22Apr 22, 2017Updated 8 years ago
• FuzzySecurity / Unix-PrivEsc

  View on GitHub
  Local UNIX PrivEsc Aggregation
  ☆244Apr 9, 2016Updated 9 years ago
• thezawad / rev-door

  View on GitHub
  rev-door is a small backdoor with only ONE line of PHP code, which takes command from POST data and execute it on server side. It is like…
  ☆26May 12, 2016Updated 9 years ago
• brandonprry / vulnerable_soap_service

  View on GitHub
  This is a SOAP service written in C# that has intentional SQL injection vulnerabilties.
  ☆21Nov 27, 2016Updated 9 years ago
• aj00200 / xssed

  View on GitHub
  A set of XSS vulnerable PHP scripts for testing
  ☆39Feb 10, 2013Updated 13 years ago
• ZeddYu / HTTP-Smuggling-Lab

  View on GitHub
  Use HTTP Smuggling Lab to learn HTTP Smuggling.
  ☆345Nov 20, 2022Updated 3 years ago
• NetSPI / grails-nV

  View on GitHub
  Vulnerable Grails application
  ☆43Jun 12, 2015Updated 10 years ago
• interference-security / DVWS

  View on GitHub
  OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
  ☆356Dec 19, 2025Updated last month
• obscuresec / random

  View on GitHub
  Scripts that aren't PowerShell
  ☆48Jan 13, 2020Updated 6 years ago
• codewatchorg / SideStep

  View on GitHub
  Yet another AV evasion tool
  ☆117Jan 3, 2022Updated 4 years ago
• yampelo / samparser

  View on GitHub
  A python script used to parse the SAM registry hive.
  ☆76Jan 26, 2018Updated 8 years ago
• Audi-1 / sqli-labs

  View on GitHub
  SQLI labs to test error based, Blind boolean based, Time based.
  ☆5,718Dec 11, 2023Updated 2 years ago
• SpiderLabs / MCIR

  View on GitHub
  The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of co…
  ☆446Aug 7, 2020Updated 5 years ago
• echo-devim / xbackdoor

  View on GitHub
  A tool for the persistent XSS exploitation with a focus for mobile web browsers
  ☆54May 8, 2021Updated 4 years ago
• incredibleindishell / SSRF_Vulnerable_Lab

  View on GitHub
  This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
  ☆758Aug 21, 2023Updated 2 years ago
• homjxi0e / LOLBAS222

  View on GitHub
  APT || Execution || Launch || APTs || ( Authors harr0ey, bohops )
  ☆110Sep 18, 2018Updated 7 years ago
• trustedsec / pivoter

  View on GitHub
  Pivoter is a proxy tool for pentesters to have easier lateral movement.
  ☆144Aug 9, 2015Updated 10 years ago
• AceRockson / WAFFLE

  View on GitHub
  Web Application Firewall For Limited Exploitation
  ☆17Nov 15, 2017Updated 8 years ago
• eshork / transmute

  View on GitHub
  Simple but effective word list transmutation command-line app. Feed it words, and mangle them into new variations quickly and easily!
  ☆33May 5, 2016Updated 9 years ago
• Cairnarvon / type7

  View on GitHub
  Tools for encrypting and decrypting things using Cisco's type 7 encryption.
  ☆15Jan 11, 2013Updated 13 years ago
• s7ephen / pfi

  View on GitHub
  PFI (Port Forwarding Interceptor)
  ☆46Jan 29, 2026Updated 2 weeks ago
• interference-security / empire-web

  View on GitHub
  PowerShell Empire Web Interface
  ☆330May 20, 2023Updated 2 years ago
• foospidy / payloads

  View on GitHub
  Git All the Payloads! A collection of web attack payloads.
  ☆3,891May 15, 2023Updated 2 years ago
• ewilded / shelling

  View on GitHub
  SHELLING - a comprehensive OS command injection payload generator
  ☆445Mar 16, 2020Updated 5 years ago
• pentestmonkey / unix-security-file-parser

  View on GitHub
  Automatically exported from code.google.com/p/unix-security-file-parser
  ☆34Dec 21, 2015Updated 10 years ago
• Mad-robot / Recon-Style

  View on GitHub
  ☆12Apr 14, 2021Updated 4 years ago
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,704Dec 1, 2024Updated last year
• ngalongc / AutoLocalPrivilegeEscalation

  View on GitHub
  An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
  ☆496Sep 21, 2021Updated 4 years ago
• jbarone / xxelab

  View on GitHub
  A simple web app with a XXE vulnerability.
  ☆230Nov 10, 2021Updated 4 years ago
• JGillam / burp-paramalyzer

  View on GitHub
  Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
  ☆158Jul 10, 2025Updated 7 months ago