small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
☆337Apr 8, 2024Updated last year
Alternatives and similar repositories for lfi-labs
Users that are interested in lfi-labs are comparing it to the libraries listed below
Sorting:
- packetstormsecurity.net exploit archive 133ch3r☆24Feb 22, 2011Updated 15 years ago
- MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.☆31May 10, 2016Updated 9 years ago
- Basic app to practice modsec bypass☆22May 12, 2016Updated 9 years ago
- a CMD shell in masm that listens on port 8080☆12Dec 19, 2020Updated 5 years ago
- Working Rsh Client With Bind/Reverse Shell☆19Sep 15, 2015Updated 10 years ago
- Damn Vulnerable File Upload V 1.1☆102May 26, 2018Updated 7 years ago
- Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn rea…☆458Dec 6, 2021Updated 4 years ago
- Simple web app for displaying cowrie data in your browser☆12Jun 2, 2016Updated 9 years ago
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆278Feb 12, 2021Updated 5 years ago
- Vulnerable Linux socket game for educational purposes☆22Apr 22, 2017Updated 8 years ago
- Local UNIX PrivEsc Aggregation☆243Apr 9, 2016Updated 9 years ago
- rev-door is a small backdoor with only ONE line of PHP code, which takes command from POST data and execute it on server side. It is like…☆26May 12, 2016Updated 9 years ago
- This is a SOAP service written in C# that has intentional SQL injection vulnerabilties.☆21Nov 27, 2016Updated 9 years ago
- A set of XSS vulnerable PHP scripts for testing☆39Feb 10, 2013Updated 13 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆346Nov 20, 2022Updated 3 years ago
- Vulnerable Grails application☆43Jun 12, 2015Updated 10 years ago
- OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.☆355Dec 19, 2025Updated 2 months ago
- Scripts that aren't PowerShell☆48Jan 13, 2020Updated 6 years ago
- Yet another AV evasion tool☆117Jan 3, 2022Updated 4 years ago
- A python script used to parse the SAM registry hive.☆76Jan 26, 2018Updated 8 years ago
- SQLI labs to test error based, Blind boolean based, Time based.☆5,727Dec 11, 2023Updated 2 years ago
- The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of co…☆446Aug 7, 2020Updated 5 years ago
- A tool for the persistent XSS exploitation with a focus for mobile web browsers☆55May 8, 2021Updated 4 years ago
- This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack☆762Aug 21, 2023Updated 2 years ago
- APT || Execution || Launch || APTs || ( Authors harr0ey, bohops )☆110Sep 18, 2018Updated 7 years ago
- Pivoter is a proxy tool for pentesters to have easier lateral movement.☆144Aug 9, 2015Updated 10 years ago
- Web Application Firewall For Limited Exploitation☆17Nov 15, 2017Updated 8 years ago
- Tools for encrypting and decrypting things using Cisco's type 7 encryption.☆15Jan 11, 2013Updated 13 years ago
- PFI (Port Forwarding Interceptor)☆46Jan 29, 2026Updated last month
- Simple but effective word list transmutation command-line app. Feed it words, and mangle them into new variations quickly and easily!☆33May 5, 2016Updated 9 years ago
- PowerShell Empire Web Interface☆330May 20, 2023Updated 2 years ago
- Git All the Payloads! A collection of web attack payloads.☆3,908May 15, 2023Updated 2 years ago
- SHELLING - a comprehensive OS command injection payload generator☆446Mar 16, 2020Updated 5 years ago
- Automatically exported from code.google.com/p/unix-security-file-parser☆34Dec 21, 2015Updated 10 years ago
- ☆12Apr 14, 2021Updated 4 years ago
- An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically☆496Sep 21, 2021Updated 4 years ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,716Dec 1, 2024Updated last year
- A simple web app with a XXE vulnerability.☆232Nov 10, 2021Updated 4 years ago
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.☆158Jul 10, 2025Updated 7 months ago