small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
☆338Apr 8, 2024Updated last year
Alternatives and similar repositories for lfi-labs
Users that are interested in lfi-labs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- packetstormsecurity.net exploit archive 133ch3r☆24Feb 22, 2011Updated 15 years ago
- MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.☆31May 10, 2016Updated 9 years ago
- Working Rsh Client With Bind/Reverse Shell☆19Sep 15, 2015Updated 10 years ago
- a CMD shell in masm that listens on port 8080☆12Dec 19, 2020Updated 5 years ago
- Damn Vulnerable File Upload V 1.1☆102May 26, 2018Updated 7 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Simple web app for displaying cowrie data in your browser☆12Jun 2, 2016Updated 9 years ago
- Basic app to practice modsec bypass☆22May 12, 2016Updated 9 years ago
- Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn rea…☆458Dec 6, 2021Updated 4 years ago
- Local UNIX PrivEsc Aggregation☆243Apr 9, 2016Updated 9 years ago
- A set of XSS vulnerable PHP scripts for testing☆39Feb 10, 2013Updated 13 years ago
- This is a SOAP service written in C# that has intentional SQL injection vulnerabilties.☆21Nov 27, 2016Updated 9 years ago
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆278Feb 12, 2021Updated 5 years ago
- Vulnerable Linux socket game for educational purposes☆22Apr 22, 2017Updated 8 years ago
- A tool for the persistent XSS exploitation with a focus for mobile web browsers☆55May 8, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- rev-door is a small backdoor with only ONE line of PHP code, which takes command from POST data and execute it on server side. It is like…☆26May 12, 2016Updated 9 years ago
- SQLI labs to test error based, Blind boolean based, Time based.☆5,740Dec 11, 2023Updated 2 years ago
- A simple tool to dump users in popular forums and CMS :)☆31Jan 30, 2018Updated 8 years ago
- PFI (Port Forwarding Interceptor)☆46Jan 29, 2026Updated 2 months ago
- Automatically exported from code.google.com/p/unix-security-file-parser☆34Dec 21, 2015Updated 10 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆346Nov 20, 2022Updated 3 years ago
- Pivoter is a proxy tool for pentesters to have easier lateral movement.☆144Aug 9, 2015Updated 10 years ago
- A python script used to parse the SAM registry hive.☆77Jan 26, 2018Updated 8 years ago
- Scripts that aren't PowerShell☆48Jan 13, 2020Updated 6 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Capture passwords of login attempts on non-existent and disabled accounts.☆38Aug 17, 2022Updated 3 years ago
- small set of scripts to practice exploit XSS and CSRF vulnerabilities☆66Dec 22, 2017Updated 8 years ago
- Kojoney2 is a low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret☆39Jan 6, 2015Updated 11 years ago
- Vulnerable Grails application☆43Jun 12, 2015Updated 10 years ago
- A C# web handler that is vulnerable to XXE with PoC. This is to serve as an example of what vulnerable C# code looks like.☆26Aug 10, 2013Updated 12 years ago
- OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.☆357Dec 19, 2025Updated 3 months ago
- Simple but effective word list transmutation command-line app. Feed it words, and mangle them into new variations quickly and easily!☆33May 5, 2016Updated 9 years ago
- Blind SQL injection exploitation tool written in ruby.☆99Dec 1, 2024Updated last year
- Holepuncher, A wrapper script to open ports in iptables and start a listener.☆33Feb 26, 2016Updated 10 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Tools for encrypting and decrypting things using Cisco's type 7 encryption.☆15Jan 11, 2013Updated 13 years ago
- 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo☆816Nov 28, 2022Updated 3 years ago
- Recon, Subdomain Bruting, Zone Transfers☆229Aug 2, 2016Updated 9 years ago
- Reverse to use in a batfile which can call the ip and ports from itself☆25Dec 19, 2020Updated 5 years ago
- For when Plan A fails☆13Jan 24, 2012Updated 14 years ago
- Haskell parser for the REIL intermediate language (currently a work-in-progress)☆11Jan 12, 2018Updated 8 years ago
- LNHG - Mass Web Fingerprinter☆63Feb 22, 2016Updated 10 years ago