This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

• UpdatedFeb 10, 2024

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发展，支持 MCP 调用，支持 n8n 工作流，文档：https://docs.qq.com/doc/DV3pKbG9GS0pJS0tk

• UpdatedFeb 9, 2026
• Java

A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

• UpdatedJun 7, 2023

Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

• UpdatedDec 15, 2023
• PHP

Praktek Exploitasi celah keamanan website dengan web DVWA (Damn Vulnerable Web Application)

• UpdatedNov 20, 2023

🧾 | Cybersecurity and CTF Resource that i gathered over the years

• UpdatedFeb 12, 2025

Google Custom Search Integration: Utilizes Google's Custom Search API to find potentially vulnerable URLs using search dorks. Automated SQL Injection Testing: Automatically checks URLs for common SQL injection vulnerabilities.

• UpdatedJan 25, 2026
• Python

A Challenge for the Discerning Hacker

• UpdatedJun 12, 2025
• Python

Sql Injection God

• UpdatedSep 30, 2023
• Python

OWASP21-PG is a practical lab that equips enthusiasts, developers & students with skills to identify/prevent web vulnerabilities, particularly in the OWASP Top 10 for 2021. Based on bWAPP, it offers a comprehensive practical lab covering all categories in the OWASP Top 10.

• UpdatedJan 2, 2024
• PHP

GoBypass403 is a tool designed to help security professionals test and bypass 403 Forbidden errors on web applications. It streamlines the penetration testing process, making it easier to identify vulnerabilities and enhance web security. 🛠️💻

• UpdatedFeb 20, 2026
• Go

AfterLogic Products Vulnerabilities

• UpdatedMar 28, 2021

DVWA (Damn Vulnerable Web Application) DVWA is a web application that is intentionally made vulnerable for educational and security testing purposes. It lets users practice and understand different types of web security attacks.

• UpdatedJul 9, 2024
• PHP

LaraVuln, a simple web application aimed at security test labs and application development. Can be done by many test methods such as black box, white box and gray box, this web can be used for web security.

• UpdatedFeb 16, 2025
• PHP

Proof-of-Concept script for exploiting CVE-2023-38646. Intended for educational and research purposes only.

• UpdatedNov 26, 2024
• Python

Yasal ve etik sınırlar içinde çalışan pasif web güvenlik tarama aracı.

• UpdatedFeb 10, 2026
• Python

Un petit programme dont le but est de tester la robustesse d'un site contre les attaques de type bruteforce

• UpdatedJun 23, 2020
• Python

蓝凌 V15 系统的 Web 漏洞 POC 大全

• UpdatedDec 29, 2023
• Python

Praktek eksploitasi celah keamanan OWASP top 10 dengan WebGoat

• UpdatedJun 17, 2024

A lightweight, intentionally vulnerable web application for demonstrating SQL injection attacks. Built with Node.js and SQLite for easy setup in seconds no external database required.

• UpdatedMay 3, 2025
• JavaScript